> > case Netscape needs to run out and get a bar so they can raise it.
>
> This is a red herring. Local secure storage of secrets in PCs without another
I dont know if it applies to windoze but the Linux & xBSD versions of
netscape store the 'encoded' (not encrypted) password even if
the user never ticks the remember password box.
Now that Netscape should fix!
> Local secure storage of secrets is a service that needs to be provided
> by the operating system. In the case of Windows NT you can store them
> (with some limitations) using the Local System Authority (LSA) API. Under
> Windows 95/98 there is an API to store secrets using the users logon password
> (stores the secrets in .PWL files) but to my knowledge it is not documented
> by Microsoft (although they allude to it in some early Windows 95 presentation
> slides). Maybe someone with more knowledge of Microsoft operating systems
> can confirm?
Regardless of if the secrets are encoded with the users password they
are decodable anyway. There are plenty of password extractors for .pwl files.
Rob
