When we prompt our browser to save credentials once we log into a web application, they store our corresponding username and password. I know to recover these things from my browser. But I want to know to which directory in Ubuntu these passwords are stored?
Store passwords in three ways:
Chromium chooses which store to use automatically, based on your desktop environment.
Passwords stored in GNOME Keyring or KWallet are encrypted on disk, and access to them is controlled by dedicated daemon software. Passwords stored in plain text are not encrypted. Because of this, when either GNOME Keyring or KWallet is in use, any unencrypted passwords that have been stored previously are automatically moved into the encrypted store.
The manual page for google chrome (man google-chrome) shows:
--password-store=<basic|gnome|kwallet>
Set the password store to use. The default is to automatically
detect based on the desktop environment. basic selects the
built in, unencrypted password store. gnome selects Gnome
keyring. kwallet selects (KDE) KWallet. (Note that KWallet may
not work reliably outside KDE.)
Chrome uses the same method as Chromium. And you can use above setting to switch to plain text passwords (not recommended of course).
Passwords are stored in ~/.config/google-chrome/Default/Login Data and that is a sqlite database file (that file is encrypyed).
This login database file is in SQLite format which is lighter version of popular SQL database. In addition to login credentials it also stores other information such as auto complete entries, IE7 Logins, search keywords etc. The 'logins' table is where all the login or sign-on secrets are stored by Chrome. This table contains following interesting fields
Origin_URL - Base URL of the website
Action_URL - Login URL of the website
Username_element - Name of the username field in the website
Username_value - Actual username
Password_element - Name of the password field in the website
Password_value - Encrypted password
Date_created - Date when this entry is stored
Blacklisted_by_user - Set to 1 or 0 based on if website is blacklisted or not.
Except the password field all other fields are entered in clear text. The password for all stored websites is encrypted using Triple DES algorithm seeded with logged on user's password. That means login secrets cannot be decrypted across the user or system boundaries unless under certain conditions.
See ~/.mozilla/firefox/<profilename>
Your passwords are stored in the key4.db and logins.json files.
