I'm really new to Mozilla (and the security issues), so please bear with me.
I found that mozilla-the-browser has a password manager (called wallet ?),
which stores user's passwords. I'm just wondering where (in which file) the
passwords being saved, and how they being encrypted before saved in a file.
I found that there are key3.db and cert7db in ~/.mozilla. Are these files
where the passwords being stored ? If so, by reading the mozilla source
(such as those in mozilla/security/{nss|psm}), is it possible to decipher
(if this is the correct word) passwords of anyone else stored in those files
?
Since Mozilla is an open source, so that everyone can have the source and
see how the password is encrypted, I'm afraid that everyone can decrypt any
password of anyone else.
To tell the truth, we are planning to use Mozilla as a browser for our
product (a PDA). So, we are concerned if anyone is able to read our
customer's passwords stored in key3.db / cert7.db (if I'm correct).
Please point me some documents (if any) explaining of how mozilla manage
key3.db and cert7.db, and how the passwords being managed.
Thank you in advance.
Regards,
Bagus
- Re: Password management Bagus Mahawan
- Re: Password management Robert Relyea
- Re: Password management Mitchell Stoltz
- Re: Password management Stephen P. Morse
- Re: Password management Bagus Mahawan
- Re: Password management Bagus Mahawan
- Re: Password management Ian McGreer
- Re: Password management Bagus Mahawan
- Re: Password management Mitchell Stoltz
- Re: Password management Robert Relyea
- Re: Password management Nelson B. Bolyard
