Re: encryption in mozilla's password manager file
I found out that mozilla encrypts all passwords in the same way. This means, that you can encrypt it for another site ;) Create your own website with form. set the correct fields... save your password... and change the site that owns the password... On Wed, 18 Aug 2004, Dan Kenigsberg wrote: A certain site, whose name I would not mention, tries to be smarter than me and disallows storing its password in my local, well-protected, mozilla password manager. I saw that I can enter the password to the local database at mozilla/default/x/.s but my problem is that the enries there are encrypted. How can I encrypt my favourite password to fit there? How can I decrypt an other, long-forgotten password, which is still stored there? I guess I could look at the mozilla code to see how they do it, but I'd appreciate if someone save me this by saying something like echo 1qQTn4PUPa8BucF3FVpfA32/0f0b5GGF | openssl des3 -d -a -K AA -iv 0 or point me to a fine manual. Thanks, -- Orr Dunkelman, [EMAIL PROTECTED] Any human thing supposed to be complete, must for that reason infallibly be faulty -- Herman Melville, Moby Dick. Spammers: http://vipe.technion.ac.il/~orrd/spam.html GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA (This key will never sign Emails, only other PGP keys.) = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: encryption in mozilla's password manager file
This lovely hack solves one of the problems. And with slight modification - also the other one: all I should do is copy the ciphertext of the forgotten password to the ad-hoc 127.0.0.1 site, and then, see what plaintext is received there. Very simple. Far from elegant. Cool. On Wed, Aug 18, 2004 at 05:08:26PM +0300, Orr Dunkelman wrote: I found out that mozilla encrypts all passwords in the same way. This means, that you can encrypt it for another site ;) Create your own website with form. set the correct fields... save your password... and change the site that owns the password... On Wed, 18 Aug 2004, Dan Kenigsberg wrote: A certain site, whose name I would not mention, tries to be smarter than me and disallows storing its password in my local, well-protected, mozilla password manager. I saw that I can enter the password to the local database at mozilla/default/x/.s but my problem is that the enries there are encrypted. How can I encrypt my favourite password to fit there? How can I decrypt an other, long-forgotten password, which is still stored there? I guess I could look at the mozilla code to see how they do it, but I'd appreciate if someone save me this by saying something like echo 1qQTn4PUPa8BucF3FVpfA32/0f0b5GGF | openssl des3 -d -a -K AA -iv 0 or point me to a fine manual. Thanks, -- Orr Dunkelman, [EMAIL PROTECTED] Any human thing supposed to be complete, must for that reason infallibly be faulty -- Herman Melville, Moby Dick. Spammers: http://vipe.technion.ac.il/~orrd/spam.html GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA (This key will never sign Emails, only other PGP keys.) -- Dan Kenigsberghttp://www.cs.technion.ac.il/~dankenICQ 162180901 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: encryption in mozilla's password manager file
Dan Kenigsberg wrote: This lovely hack solves one of the problems. And with slight modification - also the other one: all I should do is copy the ciphertext of the forgotten password to the ad-hoc 127.0.0.1 site, and then, see what plaintext is received there. Very simple. Far from elegant. Cool. Actually, Mozilla 1.7 allows you to simply see the stored passwords. Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: encryption in mozilla's password manager file
On Wed, Aug 18, 2004 at 04:48:24PM +0300, Dan Kenigsberg wrote: A certain site, whose name I would not mention, tries to be smarter than me and disallows storing its password in my local, well-protected, mozilla password manager. I don't know which site you refer to, but Yahoo is one such site, because the same authentication is used for finance services offered on that site. The bug report about this is http://bugzilla.mozilla.org/show_bug.cgi?id=93776 Currently its status is WONTFIX. For reasoning as well as simple workarounds, see that bug report. -- Tzafrir Cohen +---+ http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend| mailto:[EMAIL PROTECTED] +---+ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]