Where are master password stored?
https://support.mozilla.org/en-US/questions/1274374
I see both key3.db and key4.db can be used for the master pasword depending on the version of Firefox.
I have Firefox 86.0.1, which has both key3.db and key4.db, but key3.db is dated several years later than key4.db. Does it mean that Firefox 86.0.1 uses key3.db?
How to read the password from key3.db using an external program (e.g. python or command line)?
All Replies (9)
You can't read the Primary Password as this password isn't stored as plain text, only by entering the PP in a PP dialog prompt you can check if you have the correct PP (one way hashing). Support for key3.db stopped with Firefox 73 leaving only support for key4.db, so I'm not sure why your key3.db is newer than key4.db. To facilitate this change, Firefox 72 is a so called watershed release that is installed as an intermediate update if you update from pre 73 to a more recent version as Firefox 72 is the last version that has migration code for key3.db to key4.db. Note that support for key4.db (SQL) exists since 2011, so this support isn't recent but SQL only got enabled by default in Firefox 58+.
Are the logins.json, key3.db and key4.db files in your active profile folder ones that have been there historically, or did you copy in any files from other places?
> Are the logins.json, key3.db and key4.db files in your active profile folder ones that have been there historically, or did you copy in any files from other places?
The profile is active. It was migrated from my previous computer. Other than that, it has not been copied. The earlier timestamp is from `times.json`, which is dated at the year 2016.
I see "Use a Primary Password" is not checked. So how the usernames and passwords are decrypted by Firefox?
There is always a basic salt that used to encrypt the passwords, only the PP adds an extra layer of encryption. This salt is stored in the key file, so only access to this file is sufficient to decrypt the passwords.
What is PP? If PP can do it, is an example standalone program in python that can be use to decrypt the password?
PP is short for Primary Password (formerly master password).
If you never encrypted the passwords in logins.json with a Primary/Master Password, you can use the following program to extract the logins as long as you have both logins.json and its matching key4.db file:
> https://github.com/kspearrin/ff-password-exporter
Thanks. This is a GUI program. Is there a command line program for this purpose?