On Wed, Feb 19, 2020 at 10:08 AM David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
What Firefox (and chrome) are doing is just plain-old normal password hashing. You never store the plain password, instead a hash of the password is stored. When you enter a password to login, what you enter is hashed and then compare against the stored hash (prevent somebody making off with your passwords if they steal your passwords file, etc... -- normal cryptographic operation)
The real question is why does this one site not accept what you are typing in while other sites work fine? The initial first thought is that site is broken -- so no matter what browser you use -- it doesn't work. That would seem to me to be the simplest explanation...
I think I agree. But I am still curious why I see the rsa: string. That is, I guess, what will be saved in the browser's password list. Which is good as it is not saving plain text. But should the browser really be replacing the original password in the dialog with this string? Is it because this is an https: site that the password expected by the remote is the rsa: string version of the password? Should the browser really be showing that to me, even it if is what it is sending? Of course my Windows colleagues have no problem logging in. Sigh. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org