I am considering switching over to Brave and maybe also use its sync feature for settings, and maybe even passwords if it’s good enough. I do use a password generator but out of laziness I happen to sometimes store passwords locally.
In their FAQ they state that they use a seed that’s then stretched with scrypt(N = 2^13, r = 8, p = 11). This is the first head scratcher. According to C. Percival, the KDF’s creator, in 2017(!) 32k iterations should be made, iirc the recommended parameters back then were (N=32768, r=8 or 16, p=1).
Second, they use AES128-CTR-HMAC, which is not listed by SSL Labs best practices.
The question is, does any of this matter? Why, why not? Would you deem Brave Sync secure enough to use for syncing passwords across devices, given that my devices are properly protected and I only sync passwords to accounts that matter less or that have 2FA if they do matter?
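Added example, not part of the original post and not Brave's code: a comparison of the two scrypt parameter sets quoted above, by per-lane memory, total Salsa20/8 core calls, and measured time using Python's `hashlib.scrypt`. The seed and salt are constructed random values, and the names `PARAMS`, `scrypt_cost`, `derive` and `compare` are hypothetical.

```python
import hashlib
import os
import time

# Parameter sets quoted in the post above.
PARAMS = {
    "brave_faq": {"n": 2**13, "r": 8, "p": 11},
    "percival_2017": {"n": 32768, "r": 8, "p": 1},
}

def scrypt_cost(n, r, p):
    """Return (bytes of scratch memory per lane, total Salsa20/8 core calls)."""
    mem_per_lane = 128 * n * r      # ROMix scratch array V; p lanes can run one at a time
    salsa_calls = 4 * n * r * p     # 2N BlockMix calls x 2r cores each, for p lanes
    return mem_per_lane, salsa_calls

def derive(seed, salt, n, r, p, dklen=32):
    # maxmem is raised because OpenSSL's 32 MiB default rejects N=32768, r=8.
    return hashlib.scrypt(seed, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=dklen)

def compare(seed, salt):
    """Derive a key with each parameter set and report its cost figures."""
    rows = {}
    for name, prm in PARAMS.items():
        mem, calls = scrypt_cost(**prm)
        start = time.perf_counter()
        key = derive(seed, salt, **prm)
        rows[name] = {"mem_mib": mem / 2**20, "salsa_calls": calls,
                      "seconds": time.perf_counter() - start, "key": key}
    return rows

if __name__ == "__main__":
    # Constructed inputs: random 32-byte seed and 16-byte salt, not Brave's real values.
    for name, row in compare(os.urandom(32), os.urandom(16)).items():
        print(f"{name}: {row['mem_mib']:.0f} MiB/lane, "
              f"{row['salsa_calls']:,} Salsa20/8 calls, {row['seconds']:.3f}s")
```

The figures separate the two axes the parameters control: N and r set the memory an attacker must provision per guess, while p multiplies CPU work without raising the per-lane memory.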