Archive for March 15, 2005

I hate LiveJournal for breaking Password Manager

LiveJournal breaks Firefox’s Password Manager, and therefore I hate it. It’s annoying as all hell. Why? This Bugzilla bug shows some detail. Basically, LJ and other sites don’t actually use your password, but an MD5 hash of it so it’s not sent over the net in cleartext, and manage this with some client-side JavaScripting to swap out the password and clear the field when you submit the form. There’s nothing there for PWM to remember, or so it thinks, and doesn’t prompt you. This is stupid because it’s a fricking web log not a bank account. Further, even banks don’t use this scheme. It’s insane and insipid. If it wasn’t for the fact I comment on some LJ users’ blogs, I woundn’t care.

Of course, if I knew what method Firefox uses to encrypt passwords then one could add the password in manually, like you could in Mozilla. Mozilla just used Base64 if you never specified a Master Password, which was good enough to prevent casual snooping of passwords. Of course, I’d update my Mozilla Password Tricks page with Firefox info too if we cracked it. 🙂

Comments (6)