
confused about password file format


Martin Wilck

Jul 22, 2004, 12:36:55 PM

Hello,

In the past I sometimes used the Mozilla password file for retrieving
forgotten passwords - this seems to be much harder now than before.

I understand that, until recently, user passwords were stored by Mozilla
in base64 format unless the user pref "wallet.crypto" was set to "true".

I never set "wallet.crypto", and it isn't in my prefs.js/about:config
either, so I'd expect the stored passwords to be base64-encoded.

But in my current Firefox "0815.s" file I find user names/passwords
looking like this (certainly not Base64):

MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAkgG/EIOUeNBBgT ...

I poked around in the code and found a piece of code (DecryptString() in
extensions/wallet/src/wallet.cpp) indicating that it should actually be
an error if the password string doesn't start with '~' and encryption is
off.

Do I have encryption activated without knowing it? If yes, why am I
never asked for a master password? If no, what format do these password
entries have? Is this some sort of encryption with empty password?

Sorry if this question is stupid. I searched the web and the sources for
some time and still have no clue.

Regards,
Martin

Nelson Bolyard

Jul 28, 2004, 12:53:29 AM
Martin Wilck wrote:

> But in my current Firefox "0815.s" file I find user names/passwords
> looking like this (certainly not Base64):
>
> MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECAkgG/EIOUeNBBgT ...

It *is* base64. It's an entry for a Triple-DES encrypted password.

> Do I have encryption activated without knowing it?

Yes, apparently.
Perhaps Firefox always uses encryption, whether you ask for it or not.

> If no, what format do these password entries have?

They're ASN.1 DER encoded. The encoded contents include:
The "key id" (number) of the triple-DES key that encrypted it.
The "algorithm ID" (identifies it as triple-DES encrypted,
and includes an initialization vector)
The encrypted password itself (which was truncated in your sample)

> If yes, why am I never asked for a master password?

> Is this some sort of encryption with empty password?

If I recall correctly, when you first begin to use encryption in a
profile, if you do not set a master password, then an empty default
password is used, and thereafter when the password is needed, you are
not asked to enter one. If and when you set a real master password,
you will begin to be prompted for it when it is needed.
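The layout Nelson describes, as an added example (this is not code from the thread, nor from Mozilla or NSS): a small DER walker that splits one base64 line of a .s file into key id, algorithm identifier with IV, and ciphertext, plus the matching encoder so a sample entry can be constructed offline. It assumes the three-field SEQUENCE given above and uses the standard OID for des-ede3-cbc, 1.2.840.113549.3.7. The sample entry is constructed here: the 16-byte key id is the one visible at the start of the poster's line, the IV and ciphertext bytes are made up. It only parses; decrypting needs the 3DES key in the profile's key3.db, which is why openssl alone cannot recover the password.

```python
"""Decode one entry of a Mozilla/Firefox ".s" password file far enough to see
the layout described in the thread (key id, AlgorithmIdentifier with IV,
ciphertext).  Added example, not code from the thread or from Mozilla/NSS.
It only parses; decrypting needs the 3DES key held in the profile's key3.db."""
import base64

DES_EDE3_CBC = "1.2.840.113549.3.7"   # standard OID for des-ede3-cbc

# --- minimal DER helpers ---------------------------------------------------

def _tlv(tag, value):
    """Encode one tag-length-value with a DER length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def _read_tlv(buf, pos):
    """Read the TLV at buf[pos]; returns (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data (truncated entry?)")
    return tag, buf[pos:pos + length], pos + length

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                 # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def _decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

# --- the .s entry format ---------------------------------------------------

def build_sdr_entry(key_id, iv, ciphertext):
    """SEQUENCE { keyid OCTET STRING, SEQUENCE { OID, iv OCTET STRING },
    ciphertext OCTET STRING }, base64-encoded as it appears in the .s file."""
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(DES_EDE3_CBC)) + _tlv(0x04, iv))
    seq = _tlv(0x30, _tlv(0x04, key_id) + alg + _tlv(0x04, ciphertext))
    return base64.b64encode(seq).decode("ascii")

def parse_sdr_entry(b64_entry):
    """Split one base64 line into its fields; raises ValueError on anything
    that is not a well-formed 3DES-CBC entry (including a truncated line)."""
    der = base64.b64decode(b64_entry)
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("entry is not a single DER SEQUENCE")
    tag, key_id, pos = _read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING key id")
    tag, alg, pos = _read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, ciphertext, pos = _read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("expected OCTET STRING ciphertext as last field")
    tag, oid_raw, apos = _read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected OID in AlgorithmIdentifier")
    oid = _decode_oid(oid_raw)
    iv = _read_tlv(alg, apos)[1] if apos < len(alg) else None
    if oid == DES_EDE3_CBC and (iv is None or len(iv) != 8 or len(ciphertext) % 8):
        raise ValueError("des-ede3-cbc needs an 8-byte IV and block-aligned ciphertext")
    return {"key_id": key_id, "oid": oid, "iv": iv, "ciphertext": ciphertext}

# Constructed sample.  The key id is the 16-byte value visible at the start of
# the poster's line; the IV and ciphertext bytes are made up for this example.
SAMPLE_KEY_ID = bytes.fromhex("f8" + "00" * 14 + "01")
SAMPLE_IV = bytes.fromhex("0011223344556677")
SAMPLE_CIPHERTEXT = bytes(range(0x10, 0x28))       # 24 bytes = three 3DES blocks
SAMPLE_ENTRY = build_sdr_entry(SAMPLE_KEY_ID, SAMPLE_IV, SAMPLE_CIPHERTEXT)

# First 45 base64 characters of the line quoted in the thread, i.e. everything
# up to the tag/length of the IV.  A 16-byte key id, the 3DES OID, an 8-byte IV
# and a 24-byte ciphertext (the poster's line ends "BBgT" = 04 18, and the outer
# length 0x42 requires it) give exactly this prefix whatever the IV bytes are.
POSTED_PREFIX = "MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcEC"

if __name__ == "__main__":
    fields = parse_sdr_entry(SAMPLE_ENTRY)
    print("prefix matches posted line:", SAMPLE_ENTRY.startswith(POSTED_PREFIX))
    print("key id    :", fields["key_id"].hex())
    print("algorithm :", fields["oid"])
    print("iv        :", fields["iv"].hex())
    print("ciphertext:", len(fields["ciphertext"]), "bytes (needs key3.db to decrypt)")
```

Feeding a real line from a .s file to parse_sdr_entry gives the same three fields; the first OCTET STRING is the key id NSS uses to find the 3DES key in key3.db, and the last one is the ciphertext, which is why the rest of the thread turns to pwdecrypt rather than openssl.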

Martin Wilck

Jul 28, 2004, 10:32:08 AM
Nelson Bolyard wrote:

> They're ASN.1 DER encoded. The encoded contents include:
> The "key id" (number) of the triple-DES key that encrypted it.
> The "algorithm ID" (identifies it as triple-DES encrypted,
> and includes an initialization vector)
> The encrypted password itself (which was truncated in your sample)

I didn't want to post my passwords here, encrypted or not.
Is there an easy way to decode this stuff using, say, openssl ?
I tried but so far with no luck.

> If I recall correctly, when you first begin to use encryption in a
> profile, if you do not set a master password, then an empty default
> password is used, and thereafter when the password is needed, you are
> not asked to enter one. If and when you set a real master password,
> you will begin to be prompted for it when it is needed.

Thanks a lot for answering.

Regards
Martin

Nelson Bolyard

Jul 28, 2004, 5:42:35 PM
Martin Wilck wrote:
> Nelson Bolyard wrote:
>
>> They're ASN.1 DER encoded. The encoded contents include:
>> The "key id" (number) of the triple-DES key that encrypted it.
>> The "algorithm ID" (identifies it as triple-DES encrypted,
>> and includes an initialization vector)
>> The encrypted password itself (which was truncated in your sample)
>
>
> I didn't want to post my passwords here, encrypted or not.
> Is there an easy way to decode this stuff using, say, openssl ?
> I tried but so far with no luck.

mozilla 1.7's password manager has a new feature that will show you the
saved passwords. I don't know if Firefox has this feature or not.

mozilla's and firefox's encryption is based on NSS, not on OpenSSL.
NSS sources are part of the mozilla source code repository.
NSS includes a number of QA test and sample programs. One of those
programs, pwdecrypt, reads in an entire .s file (encrypted password
file) and outputs it, with the encrypted lines decrypted.
It asks you for your master password, which it uses to unlock the
triple-DES key in your profile's key3.db file.

To run pwdecrypt, you build the NSS test program from source, and
then run the command as
pwdecrypt -d profiledir -i pwfile
where
profiledir is the full pathname of the directory containing your
mozilla (or Firefox) profile, and
pwfile is the full pathname of the .s file containing the passwords.

If either of those 2 names contains any spaces, you must enclose the
entire name in quotes.

Very important: mozilla/firefox must NOT be running when you run the
pwdecrypt program.
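The procedure above, as an added wrapper script that is not part of NSS or Mozilla: it checks the two preconditions the post names (a profile directory holding key3.db, and no Mozilla/Firefox process running) before invoking pwdecrypt with both paths quoted. It assumes pwdecrypt has been built and is on PATH; the process names it looks for and its exit codes are this script's own choices.

```shell
#!/bin/sh
# Added wrapper around the pwdecrypt invocation from the post (not part of NSS
# or Mozilla).  Checks what the post warns about before running the tool:
# the profile must contain key3.db, and the browser must not be running.
# Process names and exit codes below are this script's own assumptions.

# 0 if the directory exists and contains the NSS key database.
profile_has_keydb() {
    [ -d "$1" ] && [ -f "$1/key3.db" ]
}

# 0 if a Mozilla or Firefox process is running (pgrep -x: exact name match).
browser_running() {
    for name in firefox firefox-bin mozilla mozilla-bin; do
        if pgrep -x "$name" >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

# decrypt_pwfile PROFILEDIR PWFILE
#   returns 2 on bad arguments, 3 if the browser is still running,
#   otherwise pwdecrypt's own exit status.
decrypt_pwfile() {
    profiledir=$1
    pwfile=$2
    if ! profile_has_keydb "$profiledir"; then
        echo "error: $profiledir has no key3.db (not a profile directory?)" >&2
        return 2
    fi
    if [ ! -f "$pwfile" ]; then
        echo "error: password file $pwfile not found" >&2
        return 2
    fi
    if browser_running; then
        echo "error: close Mozilla/Firefox before running pwdecrypt" >&2
        return 3
    fi
    # Double quotes keep a path containing spaces as a single argument,
    # which is what the post's "enclose the entire name in quotes" amounts to.
    pwdecrypt -d "$profiledir" -i "$pwfile"
}

# usage: sh decrypt_pwfile.sh /full/path/to/profile /full/path/to/profile/0815.s
if [ "$#" -eq 2 ]; then
    decrypt_pwfile "$1" "$2"
fi
```

pwdecrypt itself prompts for the master password; with no master password set, the empty default password described earlier in the thread is what unlocks the key.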
