Trac is being migrated to new services! Issues can be found in our new YouTrack instance and WIKI pages can be found on our website.

Version 1 (modified by scrouaf, 16 years ago) (diff)

--

At the moment, libpurple stores passwords for user accounts in cleartext, in a XML file. This represents a real security issue, as anyone having access to the file has direct access to the password, and therefore the account. Simply encrypting those passwords wouldn't be enough, as libpurple needs to be able to decrypt the passwords in orther to authenticate. This means that anyone knowing the encryption scheme would be able to recover the passwords.

The main objective of this project is to allow libpurple to hand over the password storage issue to another program. Typically a program specially designed to securely store passwords, encrypting them with a master password (such as Gnome-Keyring, KWallet, Apple-Keychain, and others). These modifications should work on all systems pidgin runs on (OS X, Linux, Windows, and most POSIX systems). The project consists in first making the required changes to libpurple and/or pidgin, and then write plugins for the different password safes to be supported.

All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!