Just getting the file would not help you for the attack vectors shown in the art... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jarek on June 21, 2013 \| parent \| context \| favorite \| on: How Browsers Store Your Passwords (and Why You Sho... Just getting the file would not help you for the attack vectors shown in the article for Chrome (need user account's CryptProtectData), IE-pre-10 (need copy of registry keys + CryptProtectData), or IE 10 (need binary on user account). Firefox would appear to be vulnerable to that approach. Not sure about Opera's wand.dat, probably vulnerable as well.

claudius on June 22, 2013 [–]

Opera allows you to set up a master password, if you want it. If you don’t want it, you can copy around wand.dat as you like (even from your computer to your phone!) and it just works. :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact