Firefox's Saved Passwords
Bill Perkins
perk at iag.net
Sun Feb 12 19:00:33 UTC 2006
Mikkel L. Ellertson wrote:
> Bill Perkins wrote:
>> Looks like the format has changed, but the hash used may be combined
>> with that funky xxxxxxxx.default directory everything lands in, which is
>> combined with profiles.ini... what a mess! I suppose there are good
>> reasons to be doing things this way... maybe if I take the old
>> profiles.ini, and the old .default directory name, and plunk them into
>> .mozilla/firefox/, I can get everything back. Apparently, when I fired
>> up firefox 1.5.0.1, _something_ got changed in the profile directory
>> which causes a panic in firefox 1.0.7
>>
> The first time you ran 1.5.0.1, it probably upgraded the file to the
> new format. When you go back to 1.0.7 it has a problem with the new
> format. This is just a guess, but it is fairly normal procedure when
> upgrading. That is why it is usually a good idea to back things up
> before doing an upgrade.
Format seems to be the same, just encrypted slightly differently.
> As for not being able to just grab the old password file, and plunk
> it into a new directory, and have it work, I consider that a good
> thing. You should have to restore the entire configuration. It makes
> it harder for someone to grab my password file and use it. (Having
> a master password set is also a good idea...) This is especially
> true because the password file is not a one-way hash, so you can get
> the original password out of it. (Necessary because of the way the
> passwords are used - you have to send the original password, not a
> hash of it.)
>
> Mikkel
Good point! Didn't think of that, myself. Fortunately, nothing major was
lost, and I can always change passwords at the sites where I use them.
--
-------------------------------------------------------------------------------
"The two most common things in the | Bill Perkins
universe are Hydrogen and Stupidity." | perk at iag.net
| programmer-at-large
F. Zappa | ALL assembly languages done here.
-------------------------------------------------------------------------------
More information about the fedora-list
mailing list