- Timestamp: Jan 9, 2019, 7:21:25 PM (5 years ago)
- Author: Eion Robb
- Comment: --
v21 | v22 | |
1 | 1 | = Plain Text Passwords = |
2 | 2 | |
3 | | Libpurple 2 stores passwords unencrypted in the {{{accounts.xml}}} file. This is somewhat controversial in Windows, where file permissions have traditionally been more open, but that's the way things are. Libpurple 3 supports encrypted keyrings (see [[KeyringSupport]]). |
| 3 | Libpurple 2 stores passwords unencrypted in the {{{accounts.xml}}} file. This is somewhat controversial in Windows, where file permissions have traditionally been more open, but that's the way things are. (Libpurple 3 supports encrypted keyrings, see [[KeyringSupport]] - You might find 3rd party Libpurple 2 plugins for keyring support at [[ThirdPartyPlugins#SecurityandPrivacy]]). |
4 | 4 | |
5 | | The reasoning for this is multi-part. |
| 5 | The reasoning for storing passwords in plain text is multi-part. |
6 | 6 | |
7 | 7 | Instant messaging is not very secure, and it's kind of pointless to spend a lot of time adding protections onto the fairly strong file protections of UNIX (our native platform) when the protocols themselves aren't all that secure. The way to truly know who you are talking to is to use an encryption plugin on both ends (such as OTR or pidgin-encryption), and use verified GPG keys. Secondly, you shouldn't be using your instant messaging password for anything else. While some protocols have decent password security, others are insufficient and some (like IRC) don't have any at all. |
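Review bot: In the new line 3, the parenthetical joins two separate statements with " - " and capitalises "You" mid-sentence, which buries the one actionable pointer for Libpurple 2 users inside an aside about Libpurple 3. Suggest closing the parenthesis after [[KeyringSupport]] and giving the plugin pointer its own sentence, for example "Third-party Libpurple 2 plugins for keyring support may be listed at [[ThirdPartyPlugins#SecurityandPrivacy]]." Because the same paragraph has just said that Windows file permissions have traditionally been more open, that sentence is the mitigation those readers will be looking for and should not be parenthetical. The reworded line 5 fixes the dangling "this", but the paragraph it introduces (line 7) still has "Secondly" with no matching first point, so a follow-up edit could mark where the first reason starts.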