i'm not so stupid as to think that AES-256, which isn't even a protocol actually, it's a collection of them, and the difference that matters, can be broken.

it's always side channels and handshakes and this sort of thing.

i don't know how my brave sync got breached but a device appeared on the list that i definitely did not put there. so i presume it was the browser itself was penetrated, and specifically the access to the memory where that key is stored.

i think you are way too trusting, and let's just leave it at that.

anyone who pins their security on a web browser is on the road to trouble.