[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Firefox's Saved Passwords

Mikkel L. Ellertson wrote:
Bill Perkins wrote:
Looks like the format has changed, but the hash used may be combined
with that funky xxxxxxxx.default directory everything lands in, which is
combined with profiles.ini... what a mess! I suppose there are good
reasons to be doing things this way... maybe if I take the old
profiles.ini, and the old .default directory name, and plunk them into
.mozilla/firefox/, I can get everything back. Apparently, when I fired
up firefox, _something_ got changed in the profile directory
which causes a panic in firefox 1.0.7

The first time you ran, it probably upgraded the file to the
new format. When you go back to 1.0.7 it has a problem with the new
format. This is just a guess, but it is fairly normal procedure when
upgrading. That is why it is usually a good idea to back things up
before doing an upgrade.

Format seems to be the same, just encrypted slightly differently.

As for not being able to just grab the old password file, and plunk
it into a new directory, and have it work, I consider that a good
thing. You should have to restore the entire configuration. It makes
it harder for someone to grab my password file and use it. (Having
a master password set is also a good idea...) This is especially
true because the password file is not a one-way hash, so you can get
the original password out of it. (Necessary because of the way the
passwords are used - you have to send the original password, not a
hash of it.)


Good point! Didn't think of that, myself. Fortunately, nothing major was lost, and I can always change passwords at the sites where I use them.

"The two most common things in the	| Bill Perkins
 universe are Hydrogen and Stupidity."	| perk iag net
					| programmer-at-large
		F. Zappa		| ALL assembly languages done here.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]