> Not like a DES , this encryption can be decrypted. As a result of many > experiments i wrote this program. It gives me almost all passwords in my > system, because all people use Netscape. Blast it. It does not matter even if you used TwoFish, BlowFish or IDEA! The passwords saved in the preferences file would still be easily decrypted. People seem to be forgetting a very important point here: the encryption password must be internally stored somewhere because the user never gets asked for it. Thus it is not never necessary to "crack" the passwords because we can always use the original password. I see this same line of thought here every now and then: people report "bugs" like this while they are indeed vulnerable by design. There is no secure way of storing a password and recalling it without asking the user for some kind of passphrase. Please someone correct me, if I'm wrong at this. I know of no such cryptosystem. The method of saving only a hash won't work here since the actual password is needed in order to access the pop server. While I'm at it, has Netscape corrected the imap password saving behaviour yet? Up to, and including, communicator 4.5 the imap passwords got stored to the preferences file regardless of the setting "Remember my password". I have disallowed write access to my prefs.js file to prevent the imap password from being stored but it's quite frustrating to change the permissions every time I need to turn Javascript on to view some darn page that doesn't work without. -- Juha Jäykkä, juhajat_private PS See http://www.dcs.ex.ac.uk/~aba/rsa/ for latest version of RSA in perl. Here goes the RSA code in two lines: print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:42 PDT