General :  K-Meleon Forum
General discussion about K-Meleon. 
Password Manager
Posted by: Ca|ibur
Date: July 12, 2002 02:28AM

First, I'd like to commend developers and testers for your great job on KM =). Finally, I worthy alternative to this IE / Netscape crap!

On to my question, I was wondering where my passwords from websites are stored and how I can edit (remove / add) entries.

Thx! Continue with the great work

Options: ReplyQuote
Re: Password Manager
Posted by: po
Date: July 12, 2002 04:52AM

they're in the file in your profile folder that has eight random characters and an '.s' extension... you can edit it carefully; it's easier if you have a text editor that will recognize *NIX line termination, though... IIRC, notepad displays it as one line.

Options: ReplyQuote
Re: Password Manager
Posted by: Ca|ibur
Date: July 13, 2002 04:11AM

Wow, pretty complicated. Better watch what I save to the password manager, i guess.

Options: ReplyQuote
Re: Password Manager
Posted by: po
Date: July 13, 2002 04:30AM

deleting an entry isn't complicated (unless you're viewing it in notepad with word-wrap on, in which case it becomes kind of a simulated hex-editor experience...); you just remove one block, along with ONE (1) of the full-stop (.) characters above and/or below it. that seems to work fine.

i've never tried altering the contents beyond deleting a block... the login information gets encrypted in a way that's effective at keeping you from working with it, but is probably much too weak to actually keep someone who really wanted to crack it from doing so... oh well. smiling smiley

Options: ReplyQuote
Re: Password Manager
Posted by: Mark
Date: July 13, 2002 02:06PM

po, the general rule is that if you have a program that can access the encrypted data without any input from you (passphrase, encryption key, etc.), then the data might as well be cleartext. If the program can access it, then anyone else can, also.

I wrote a little perl script that checks my mail on a POP server. To do this, it needs my password. I didn't want to type it in each time, so I stored it in a file, "encrypted" with a random little algorithm I made up. The only purpose of the "encryption" is to keep people from immediately seeing my password if they get access to that file. But if they have access to the file, they also have access to the program that reads it. Run the relevant portion of the program on the file, and you have my password. There's no way around that.

That's why I tend to shy away from password-saving mechanisms in any application. With them, your password is only as secure as the access permissions on the file it's stored in.

Options: ReplyQuote
Re: Password Manager
Posted by: po
Date: July 13, 2002 07:14PM

yup... and that being the case, and with the assumption that one's not storing anything terribly important in the file, it would be nice if there was an option to skip the whole charade for the purpose of making it easier to hand-edit the file... and come to think of it, i suppose there could be a pref for that... i haven't actually checked.

i will when i wake up a little more, i think. smiling smiley

Options: ReplyQuote
Re: Password Manager
Posted by: Arual the Wyrd
Date: July 14, 2002 12:21AM

Ah. What I worry about is, what if I type in the wrong pword. Now I know how to wipe it if I do. smiling smiley
(my cats don't use the computer...)

Options: ReplyQuote


K-Meleon forum is powered by Phorum.