Martin Wilck wrote:
Nelson Bolyard wrote:
They're ASN.1 DER encoded. The encoded contents include:
The "key id" (number) of the triple-DES key that encrypted it.
The "algorithm ID" (identifies it as triple-DES encrypted,
and includes an initialization vector)
The encrypted password itself (which was truncated in your sample)
I didn't want to post my passwords here, encrypted or not.
Is there an easy way to decode this stuff using, say, openssl ?
I tried but so far with no luck.
mozilla 1.7's password manager has a new feature that will show you the
saved passwords. I don't know if FireFox has this feature or not.
mozilla's and firefox's encryption is based on NSS, not on OpenSSL.
NSS sources are part of the mozilla source code repository.
NSS includes a number of QA test and sample programs. One of those
programs, pwdecrypt, reads in an entire .s file (encrypted password
file) and outputs it, with the encrypted lines decrypted.
It asks you for your master password, which it uses to unlock the
triple-DES key in your profile's key3.db file.
To run pwdecypr, you build the NSS test program from source, and
then run the command as
pwdecrypt -d profiledir -i pwfile
where
profiledir is the full pathname of the directory containing your
mozilla (or FireFox) profile, and
pwfile is the full pathname of the .s file containing the passwords.
If either of those 2 names contains any spaces, you must enclose the
entire name in quotes.
Very important: mozilla/firefox must NOT be running when you run the
pwdecrypt program.
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
