Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")

From: Rob Jones (robert.e.jonesat_private)
Date: Thu Dec 16 1999 - 21:04:10 PST

    > > case Netscape needs to run out and get a bar so they can raise it.
    >
    > This is a red herring. Local secure storage of secrets in PCs without another
    
    I don't know if it applies to windoze but the Linux & xBSD versions of
    Netscape store the 'encoded' (not encrypted) password even if
    the user never ticks the remember password box.
    
    Now that Netscape should fix!
    
    > Local secure storage of secrets is a service that needs to be provided
    > by the operating system. In the case of Windows NT you can store them
    > (with some limitations) using the Local System Authority (LSA) API. Under
    > Windows 95/98 there is an API to store secrets using the user's logon password
    > (stores the secrets in .PWL files) but to my knowledge it is not documented
    > by Microsoft (although they allude to it in some early Windows 95 presentation
    > slides). Maybe someone with more knowledge of Microsoft operating systems
    > can confirm?
    
    Regardless of if the secrets are encoded with the user's password they
    are decodable anyway. There are plenty of password extractors for .pwl files.
    
    Rob
    


