On 02/19/2020 03:51 AM, Roger Oberholtzer wrote:
I think I agree. But I am still curious why I see the rsa: string. That is, I guess, what will be saved in the browser's password list. Which is good as it is not saving plain text. But should the browser really be replacing the original password in the dialog with this string?
Yes, the actual password is never stored anywhere. That has been the normal practice since at least the 80's or early 90's. Here is a good link: https://crackstation.net/hashing-security.htm Is it because this is an https: site that the password
expected by the remote is the rsa: string version of the password? Should the browser really be showing that to me, even it if is what it is sending?
Now how it is hashed, rsa, or a different sha variant: https://csrc.nist.gov/projects/hash-functions For whatever reason, your browser and this one site may be talking apples and oranges because the site is looking for some non-standard MS predicate for the hashed password, different salt, etc...
Of course my Windows colleagues have no problem logging in. Sigh.
Never fails... -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org