by drdaeman
3431 days ago
In short, the crypto itself looks okay (I'm not a cryptographer!), but the auth form you see is served over the network. It doesn't send the password back - it just passes it to the browser runtime, which runs the KDFs on it - but you won't know what you'll get served next time. As for the protocol - there is WebDAV. Seriously. It's functionally equivalent to what their blob storage does, except simpler, vendor independent, and it doesn't mandate any particular auth schemes. Oh, and their auth protocols are a total mess (BrowserID, HAWK _and_ OAuth - three different protocols are necessary just to talk to the damn system!). I get it, three teams were working on different pieces (accounts, tokenserver and the actual sync blob storage), but they could've at least tried not to invent that, and used something standard instead. Or, at the very least, settled on a single protocol. I'm saying this as someone who has spent some time reading the docs and reverse-engineering the rest, and has implemented an almost-working (sans some undocumented oddities and a few lazy omissions leading to glitches, but it mostly works-for-me) standalone sync1.5 server - the same functionality could've been done in a much saner and simpler way.