On 19/02/2020 18.31, James Knott wrote:
On 2020-02-19 12:05 PM, Carlos E. R. wrote:
Yes, the actual password is never stored anywhere. That has been the normal practice since at least the 80's or early 90's.
Not so. Firefox does store the actual passwords.
I assume you're referring to the saved logins, which include the ID and password for a site.
Correct. If you set a master password they are encrypted in some file, but firefox is able to recover the plain login/pass. It has to.
Are plain text passwords actually sent to the server? Or a hash? There's a bit of a difference between one's own computer and sending plain text passwords over the Internet.
If the page uses https, it is secure sending.
BTW, I remember the days when you could read passwords with Wireshark (then known as Ethereal) or other packet capture. When's the last time you used telnet?
A week ago :-P -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.1 (Legolas))