Apparently the key name should be a SHA1 hash of the URL, and then the data is the encrypted login data. What is throwing me is trying to verify the hashes. If I take a simple URL and then have IE save my password at that site, I see a new key created. I'd like to know exactly what string (URL) is used to generate this key. When I take the URL and generate a hash in Linux (sha1sum), I get a 40 character hex string (20 bytes). When I look in the registry, all of the entries in Storage2 are 42 characters (21 bytes).
I found a couple of references that said the first byte in the registry was some sort of checksum, but removing that still doesn't get me the right answer.
To further confuse matters, if I generate a sha1 sum on my linux box, I get a different hash than from several websites. Clearly I am missing something. For example:
#echo hello | sha1sum
but when I visit several sites that claim to have hash generators, the string "hello" produces this value:
(http://www.daveproxy.co.uk/tools/sha1_h ... erator.php)
So what am I doing wrong?