Where does Firefox store form info ?

[Santa's little helper]

I've noticed that when I start typing the first few letters of
a form (like my handle when I log in here) the rest appears on the screen.But I've searched all the files in the
firefox directory using grep and they don't contain my handle.Explanation anyone ?

[Santa's little helper]

After some experimentation , it appears that form info is stored
at formhistory.dat and history.dat in the .mozilla/firefox directory.
I assume they are stored encrypted since they do not appear in a
recognizable form in those files.

But I don't understand what purpose the encrypion serves.
Let's say that some stranger manages to gain access to the
relevant files.If the form info was unencrypted he/she would be
able to read it but so what ? Is form info (and I don't mean
passwords) valuable enough to justify all this trouble ?

[budman7]

Some people have there passwords remembered.
The rest of the form info is just convenience.

[psic]

You can empty this information (and turn it on/off) in Edit>preferences>privacy

[Santa's little helper]

Some people have there passwords remembered.

Yes but since Firefox is open source , someone can see
which encryption and decryption algorithm it uses.So if they
managed to gain access to my files they could just use
the same decryption algorithm and see what they want.

Am I missing something ?

[budman7]

When you talk about somebody accessing your system, do you mean physically accessing it?
If that is the case, having remembered passwords, even though they are encrypted is not going to do you any good. Your system is compromised.

If you are talking about somebody accessing your system some other way, then I am not sure what they could do.

Btw, just because it is open source and the code is visible, does not give a cracker a path into the system.
Having the plans to Fort Knox and knowing all the security plans, doesn't mean you can break into Fort Knox.

[jaboua]

Not sure which encryption it uses, but if it uses DSA for example I think it uses different encryption keys on every machine/system.

I also saw some security options in the firefox-settings, listing up TLS and such but that may be data-transfer encryption instead.

[Santa's little helper]

When you talk about somebody accessing your system, do you mean physically accessing it?

No , I meant over a network.

Having the plans to Fort Knox and knowing all the security plans, doesn't mean you can break into Fort Knox.

I'm not sure this is a good analogy.The way I see it , Firefox needs
to have available all the info required to decrypt entries in
the history files.This info must exist in some file Firefox
can read.Since Firefox runs as a process owned by me ,
if someone has managed to obtain my password then
every file Firefox can read the intruder can also read.So if
the intruder knows where to look they should be able
to read all the info they want.And reading the Firefox source
should tell them where to look.

Not sure which encryption it uses, but if it uses DSA for example I think it uses different encryption keys on every machine/system.

But still Firefox has to be able to read those keys.So an intruder
who has got my password will also be able to read the same keys.

[jaboua]

firefox has to be able to read those keys.So an intruder
who has got my password will also be able to read the same keys.

Don't think so if it uses DSA:
http://en.wikipedia.org/wiki/DSA

Anyway, it's not sure the file is encrypted, maybe it's just compressed to save disk-space.

[Santa's little helper]

I read the link.I don't see how it answers what I'm saying.

I don't think it's compressed because urls are readable.