On 19/02/2020 10.08, David C. Rankin wrote:
On 02/19/2020 01:28 AM, Roger Oberholtzer wrote:
I have a very unusual situation. I am trying to log in to a web site (https://www.zf-laser.com if you are curious) from either Firefox (72.0.2) or Chrome (79.0.3945.130) on Tumbleweed.
I enter the password, but it is not accepted. Both browsers change the password I have entered into a long string that starts with "rsa:". I am guessing this is what they send. And, when Firefox offers to keep the password, I see that it is this same altered string, not the one I entered.
I can log in to other sites (e.g. OBS). But not this one. I have no idea what is happening. Especially since both browsers do the same thing.
Any ideas? A Google search did not seem to me to show anything related to this. Just stuff generally about RSA and passwords in browsers.
What Firefox (and chrome) are doing is just plain-old normal password hashing. You never store the plain password, instead a hash of the password is stored. When you enter a password to login, what you enter is hashed and then compare against the stored hash (prevent somebody making off with your passwords if they steal your passwords file, etc... -- normal cryptographic operation)
Not so. On "see stored password" of firefox I see the plain password as I entered it in full clear text of all sites I told FF to save the password. How it stores the password internally is something else. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)