Reputation: 20244
How are web site passwords encrypted by browsers?
What are some platform-specific API's that web browsers use to securely save passwords with reversible encryption on local systems?
Since they must be able to reproduce the exact characters to pass up to a web site, the data can't be a one-way hash. My initial thought is there are system methods which utilize your current authentication data to perform encryption/decryption, but do not give access to applications to read it (your system login data) directly. I'm wondering what these are on different platforms (Windows, Linux, OS X) and how well they protect the information if the hard drive is accessed directly; i.e. a stolen laptop hard drive is placed into another computer or analyzed via a Live CD.
Upvotes: 7
Views: 2916
Answers (1)
Reputation: 116980
Here's how google chrome does it. Looks like they use CryptProtectData on windows.
Upvotes: 4
Related Questions
- How and where encryption happens in a web application?
- how does gmail account store passwords for other sites
- How do browsers discover username and password on all web pages?
- How Does Firefox's Software Security Device Protect Passwords?
- How Is My Password Transferred from My Browser to the Web Server Securely?
- Browser password managers have me stumped
- How do modern websites check your password without actually storing it?
- What 'exactly' happens when I type a password in a web-browser before the password is sent out of the machine onto the network?
- How does web browsers transfer Passwords to origin servers?
- How do I encode passwords in web forms without javascript?