RE: get id password Stan Rogers 24.Jan.14 03:28 PM a Web browser Applications Development 6.5.6Windows 2003
Not quite. The password isn't stored anywhere. Your password is used to generate an encryption key, which is then used to decrypt certain credentials within the ID file. (The same key will have been used to encrypt the content of the file when you set or changed the password.) Notes "knows" you've used the right password when it tries to decrypt the file and a couple of known bytes have the correct value. The "recovery" tools won't find out what the actual password is; they provide a big, long and ugly alternate value that will generate the same decryption key as the password would have* so that the user can re-encrypt the file with a new password.
*With any hashing or key-derivation function with an output of fixed length, there will be infinitely many possible inputs that provide a given output. If a social security number were only 6 digits long, for instance, then after you hit a million people, all of the possible combinations from 000000 to 999999 will have been assigned, and you're going to have duplicate numbers even though the people they represent are different. You can't actually undo a hash or a KDF to get to the original value, but if you have some value that represents part of the work, you can work backwards to A value (as opposed to THE value) that will work out to the same result. The exact implementation isn't public, but my guess would be that access to that necessary partial result is restricted by Shamir-type shared secret encryption.