At the moment, libpurple stores passwords for user accounts in cleartext, in an XML file. This is a real security issue: anyone with access to the file has direct access to the passwords, and therefore to the accounts. Simply encrypting those passwords would not be enough, because libpurple needs to be able to decrypt them in order to authenticate. Anyone who knows the encryption scheme would therefore be able to recover the passwords.
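As an added example (not code from Pidgin or libpurple), the following audit reports which accounts in such a file still carry a stored password and whether the file is accessible to users other than its owner, without ever printing the password values. It assumes the file uses `<account>` elements with `<protocol>`, `<name>` and `<password>` children; the sample data and all function names are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for the accounts file (not real data).
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
 <account>
  <protocol>prpl-jabber</protocol>
  <name>alice@example.org/Home</name>
  <password>constructed-sample-secret</password>
 </account>
 <account>
  <protocol>prpl-irc</protocol>
  <name>alice@irc.example.net</name>
 </account>
</account>
"""

def accounts_with_stored_password(path):
    """Return [(protocol, name)] for accounts with a non-empty <password>."""
    root = ET.parse(path).getroot()
    hits = []
    for acct in root.iter("account"):
        # findtext only looks at direct children, so the wrapper element is skipped.
        if (acct.findtext("password") or "").strip():
            hits.append((acct.findtext("protocol", "?"), acct.findtext("name", "?")))
    return hits

def readable_by_others(path):
    """True if any group/other permission bit is set on the file (POSIX modes)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

def write_sample(mode):
    """Write the constructed sample to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    path = write_sample(0o644)
    try:
        for proto, name in accounts_with_stored_password(path):
            print(f"cleartext password stored for {name} ({proto})")
        if readable_by_others(path):
            print("file is accessible to group/other; restrict it to mode 0600")
    finally:
        os.remove(path)
```

Tightening the file mode only narrows who can read the passwords; the passwords remain in cleartext for the owning user and anything running as that user.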

The main objective of this project is to allow libpurple to hand the password storage problem over to another program, typically one specially designed to store passwords securely by encrypting them with a master password (such as Gnome-Keyring, KWallet, Apple-Keychain, and others). These modifications should work on all systems Pidgin runs on (OS X, Linux, Windows, and most POSIX systems). The project consists of first making the required changes to libpurple and/or Pidgin, and then writing plugins for the different password safes to be supported.

Last modified on 04/22/08 02:29:37