Archive for August 15, 2004

Wanted: Firefox Wallet Decryption

Surprisingly, when I reposted my Mozilla Password Manager Tricks page, I got a huge influx of traffic. Apparently, this is still useful, which is gratifying. Especially since there is a “Show Passwords” button in the Password Manager in newer versions of Mozilla.

Now, for a while (off and on) I’ve been trying to figure out how Firefox encodes passwords. While it looks like base64, it’s not (at least not totally, it’s possible that’s part of the method). It is some form of actual encryption, although I’m sure not too terribly strong. Now, since the code is freely available, it shouldn’t be too difficult to determine the method used to obscure the passwords in the signons.txt file (located in the profile directory). The question is, is this encoding unique to the user’s installation or PC somehow, making a web-based tool hard-to-impossible, or is there a single key that’s used? If it’s a single method, we can create a tool similar to this for Firefox passwords. This would be very useful since Firefox has no such “Show Passwords” button in the Password Manager. Bookmarklets can’t help reveal passwords in HTTPAuth dialogs, or other username/password dialog boxes, and many people would be unable to use DOMI to view its contents.

So, anyone want to step up to the plate? If so, mail me,
