| | 35 | |
| | 36 | == "But other programs don't store my password in plain text!" == |
| | 37 | |
| | 38 | That's true. But few of them store it in a way that's any safer. A Google search for [http://www.google.com/search?q=im+passwords "im passwords"] shows a bunch of hits for getting the passwords out of other IM clients just as easily as Pidgin. |
| | 39 | |
| | 40 | The very first link is a clear indication that none of: |
| | 41 | |
| | 42 | ICQ and ICQLite, AOL Instant Messenger and AIM Triton, AIM Pro, Yahoo! Messenger, Excite Messenger, MSN Messenger, Windows Live Messenger, Microsoft Office Communicator 2005, Google Talk, Odigo, Trillian, AT&T IM Anywhere, T-Online Messenger, Match Messenger, Praize IM, ScreenFIRE, ACD Express Comunicator, Imici Messenger, Prodigy IM, PowWow Messenger, Jabber IM, Kellster IM, PalTalk, Indiatimes messenger, Miranda, Tiscali, Ya.com Messenger, Rediff Bol, Sify Buzz, Devil, Tencent QQ, QQ (Africa Version), &RQ, Ipswitch Instant Messenger, Eighth Wonder Catax, Simple Instant Messenger, Vista IM, GAIM, Global-IM, Psi Jabber client, Messenger2, Picasa Hello, iWon, Blowsearch, MessageMate, Meca Messenger, Qnext, Bubbler (Five Across), InterComm IM (Five Across), Easy Message, QIP, Gizmo, MySpace IM, Exodus, Gadu-Gadu, Mail.Ru Agent, ScatterChat, Just Another Jabber Client, Maple Messenger, Pandion, IMVITE Messenger, Oyco Messenger. |
| | 43 | |
| | 44 | provide any sort of real password security. |
| | 45 | |
| | 46 | == "But surely something is better than nothing, right?" == |
| | 47 | |
| | 48 | No. When a Pidgin user looks at her accounts.xml file, she can tell immediately that it's a sensitive file and should be treated as such. When an application attempts to 'trick' the user into thinking its passwords are secure by obfuscating it in some way, the user assumes it's safe. |
| | 49 | |
| | 50 | It is an absolute fact that people will share their accounts file, with their supposedly safe passwords, even in very public places: typically so that they can conveniently access their settings remotely. Not only can these passwords be trivially decoded, if you plug those settings files into the same client, it will login without even needing to decode it. |
| | 51 | |
| | 52 | Having our passwords in plaintext is ''more'' secure than obfuscating them precisely because, when a user is not misled by a false sense of security, he is likely to use the software in a more secure manner. |
| | 53 | |
| | 54 | When people propose inefficient security, it's because they prefer a false sense of security to a false sense of insecurity. File systems, in general, do a very good job of keeping your information private. For most people, there is no insecurity inherent in plain-text passwords. There's only the perception that, because they can read their passwords with ease, that perhaps others can too. Obfuscated passwords are no more secure than plain text; they can be read, about just as easily with the aid of certain programs. It provides a false perception of security. |
| | 55 | |
| | 56 | We're 100% fine with people having false perceptions of how insecurely Pidgin handles your passwords. We are not ok with sacrificing actual security for false security. |
| | 57 | |
| | 58 | == "Is that the final word?" == |
| | 59 | |
| | 60 | No. The Pidgin developers are generally open to, and would encourage integration with keyrings. A keyring is an implementation of the first bullet point above. It would be used to cryptographically secure your password in a way that would generally be more secure (although not perfect). It would require a master password, shared amongst all the applications on your computer, to get at your passwords. |
| | 61 | |
| | 62 | The problem is that Pidgin runs on so many different environments, each of which has their own system for keyrings. It's difficult (but not impossible) to make Pidgin integrate with all of these, and still allow you to use one set of configuration files for each of them. |
| | 63 | |
| | 64 | If someone were to do this in a way that worked well, securely, and seamlessly to the user, without interfering with people who prefer to trust their file system's security, we'd gladly accept it. |
