[2638] in cryptography@c2.net mail archive
Re: Netscape Passwords...?
daemon@ATHENA.MIT.EDU (EKR)
Tue May 5 16:18:31 1998
To: cryptography@c2.net
From: EKR <ekr@terisa.com>
Date: 05 May 1998 12:56:13 -0700
In-Reply-To: Black Unicorn's message of "Tue, 05 May 1998 14:02:23 -0500"
Black Unicorn <unicorn@schloss.li> writes:
> >From Verisign:
>
> 1. I forgot my Navigator or Communicator password. What can I do?
> If you have a Full Service Class 1 or Class 2 Digital ID, you can replace
> it for free. Without
> your Netscape password, however, you will be unable to access your ID
> until you delete the
> files that have stored this password (for security reasons the password is
> never sent to us, so
> unfortunately we will not be able to retrieve it for you). To delete your
> Digital ID files from your
> hard drive:
>
> [blah blah]
>
> Note: if you do not want to delete all of your Digital IDs, please contact
> Netscape Customer
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Service for assistance with bypassing the password protection.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> [end ]
>
> Uh, really?
Well, Netscape's key file is encrypted under a digested password,
so you certainly could run some sort of Crack variant.
There may be some additional place where they scribble the
password down. Don't know about that.
-Ekr
--
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."
