Changes between Version 21 and Version 22 of PlainTextPasswords


Ignore:
Timestamp:
01/09/19 13:21:25 (3 months ago)
Author:
EionRobb
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • PlainTextPasswords

    v21 v22  
    11= Plain Text Passwords =
    22
    3 Libpurple 2 stores passwords unencrypted in the {{{accounts.xml}}} file. This is somewhat controversial in Windows, where file permissions have traditionally been more open, but that's the way things are. Libpurple 3 supports encrypted keyrings (see [[KeyringSupport]]).
     3Libpurple 2 stores passwords unencrypted in the {{{accounts.xml}}} file. This is somewhat controversial in Windows, where file permissions have traditionally been more open, but that's the way things are. (Libpurple 3 supports encrypted keyrings, see [[KeyringSupport]] - You might find 3rd party Libpurple 2 plugins for keyring support at [[ThirdPartyPlugins#SecurityandPrivacy]]).
    44
    5 The reasoning for this is multi-part.
     5The reasoning for storing passwords in plain text is multi-part.
    66
    77Instant messaging is not very secure, and it's kind of pointless to spend a lot of time adding protections onto the fairly strong file protections of UNIX (our native platform) when the protocols themselves aren't all that secure.  The way to truly know who you are talking to is to use an encryption plugin on both ends (such as OTR or pidgin-encryption), and use verified GPG keys.  Secondly, you shouldn't be using your instant messaging password for anything else.  While some protocols have decent password security, others are insufficient and some (like IRC) don't have any at all.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!