Hello,
In the past I sometimes used the Mozilla password file for retrieving forgotten passwords - this seems to be much harder now than before.
I understand that, until recently, user passwords were stored by Mozilla in base64 format unless the user pref "wallet.crypto" was set to "true".
I never set "wallet.crypto", and it isn't in my prefs.js/about:config either, so I'd expect the stored passwords to be base64-encoded.
But in my current Firefox "0815.s" file I find user names/passwords looking like this (certainly not Base64):
MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAkgG/EIOUeNBBgT ...
I poked around in the code and found a pice of code (DecryptString() in extensions/wallet/src/wallet.cpp) indicating that it should actually be an error if the password string doesn't start with '~' and encryption is off.
Do I have encryption activated without knowing it? If yes, why am I never asked for a master password? If no, what format do these password entries have? Is this some sort of encryption with empty password?
Sorry if this question is stupid. I searched the web and the sources for some time and still have no clue.
Regards, Martin
_______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
