I don't think winamp people ever intended to introduce MD5 or SHA1 hashes for saving passwords, or did they? It is very well a bug if winamp does not prompt or adds a tick mark saying something like "Save Password", but If it does and you have tried it by clicking on it, then I guess it is pretty much intended to act in such manner. Currently do not have access to winamp, else I would've checked. =) Best Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk voice: 92-021-111-GEMNET Vice President Pakistan Computer Emergency Responce Team (PakCERT) web: www.pakcert.org Chief Security Analyst Applied Technology Research Center (ATRC) web: www.atrc.net.pk voice: 92-21-4980523 92-21-4974781 "Great is the Art of beginning, but Greater is the Art of ending. " ------BEGIN GEEK CODE BLOCK---- Version: 3.1 GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+ ------END GEEK CODE BLOCK------ --- isox@chainsawbeer.com wrote: >When a URL's is streamed in winamp which requires HTTP authentication, the user is prompted to enter a username and password. This username and password is then stored as plain text in the file winamp.ini under the section [HTTP-AUTH]. The format of stored passwords (it seems) is <domain - TLD>=<username>:<password>. > >URL's which are streamed are also kept as history in the winamp.ini file under the [winamp] section. This includes URL's which include the username/password in them (ie, http://username:password@site). > >This was verified in Winamp 2.80 on Windows XP. > >- isox _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag
