Results 1 to 1 of 1
2002-11-30, 12:57 #1
- Join Date
- Jan 2001
- Long Beach, California, USA
- Thanked 0 Times in 0 Posts
Passwords and AutoComplete ((all/any))
Does anyone have any insight into the function of AutoComplete -- especially as it relates to passwords??
There is extremely little information about this on the Internet -- and almost nothing from MS. I suspect this is for 'security' reasons, but sometimes it breaks -- and if you don't know how it works, you cannot fix it...
Sadly, most of the information I can find on this topic incorrectly identifies the IntelliFormsSPW folder as "containing" the passwords. As best I can tell, this is simply not logical. The value data in ALL of the SPW values is "0" -- which makes it an unlikely choice for password storage: the return value on reading the data would be "0" -- not a password...
I am interested in the following details:
1) How are the IntelliFormsSPW values encrpyted? How can they be deciphered?
2) How does IE know which IntelliFormsSPW value it needs for a given site/user pair? I suspect this relates strongly to #1 -- but it might be a separate process. (IE finds the SPW value in a 'surgical strike' approach -- there is no enumeration of values).
3) Is there any logical way to relate the encrypted SPW value with the site's password?? This seems to be more logically stored in an encrypted format in the Protected Storage System Provider keys for the site in question.
4) What encryption algorithm is used in the Protected Storage System Provider keys? All of your Forms and Password AutoComplete data is stored there in some binary/hex language that does not appear to be simple ASCII.
Certainly, people have figured out how to decode the PSSP data -- you can download free programs to do that. So it must be some relatively simple encryption algorithm...
Anyone have any ideas on this??? Thanks.