Martin Wilck wrote:

> But in my current Firefox "0815.s" file I find user names/passwords
> looking like this (certainly not Base64):
>
> MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAkgG/EIOUeNBBgT ...

It *is* base64.  It's an entry for a Triple-DES encrypted password.

> Do I have encryption activated without knowing it?

Yes, apparently.
Perhaps Firefox always uses encryption, whether you ask for it or not.

> If no, what format do these password entries have?

They're ASN.1 DER encoded.  The encoded contents include:
   The "key id" (number) of the triple-DES key that encrypted it.
   The "algorithm ID" (identifies it as triple-DES encrypted,
                       and includes an initialization vector)
   The encrypted password itself (which was truncated in your sample)

> If yes, why am I never asked for a master password?
> Is this some sort of encryption with empty password?

If I recall correctly, when you first begin to use encryption in a
profile, if you do not set a master password, then an empty default
password is used, and thereafter when the password is needed, you are
not asked to enter one.  If and when you set a real master password,
you will begin to be prompted for it when it is needed.
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
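
The entry layout described in the reply above, shown as a small parser. This is an added example, not part of the original message and not Mozilla code; it assumes the layout the visible start of the quoted sample decodes to (a SEQUENCE holding a key-id OCTET STRING, an algorithm SEQUENCE with OID and IV, and a ciphertext OCTET STRING), and its sample entry is constructed. It only splits the fields and decrypts nothing.

```python
import base64

DES_EDE3_CBC = "1.2.840.113549.3.7"  # OID for Triple-DES in CBC mode

def read_tlv(buf, pos, want_tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("entry is truncated")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    first = min(body[0] // 40, 2)  # first byte packs the first two arcs
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_entry(b64_text):
    """Split one stored entry into its fields without decrypting anything."""
    der = base64.b64decode(b64_text, validate=True)
    outer, end = read_tlv(der, 0, 0x30)           # outer SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after entry")
    key_id, pos = read_tlv(outer, 0, 0x04)        # OCTET STRING: key id
    alg, pos = read_tlv(outer, pos, 0x30)         # SEQUENCE: algorithm ID
    ciphertext, _ = read_tlv(outer, pos, 0x04)    # OCTET STRING: ciphertext
    oid, apos = read_tlv(alg, 0, 0x06)
    iv, _ = read_tlv(alg, apos, 0x04)             # IV is the algorithm parameter
    return {"key_id": key_id.hex(), "algorithm": decode_oid(oid),
            "iv": iv.hex(), "ciphertext_len": len(ciphertext)}

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for the sample

# Constructed sample entry (made-up key id, IV and ciphertext), not real profile data.
SAMPLE = base64.b64encode(tlv(0x30,
    tlv(0x04, bytes(16))
    + tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d0307")) + tlv(0x04, bytes(range(8))))
    + tlv(0x04, bytes(24)))).decode()
```

Calling parse_entry(SAMPLE) returns the four fields; passing a cut-off string such as SAMPLE[:60] raises ValueError, which is what a truncated entry like the one quoted in the question would do.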