Accounts.xml stores passwords in plain text.
evands at pidgin.im
Mon Dec 17 20:59:56 EST 2007
On Dec 17, 2007, at 7:57 PM, Daniel Atallah wrote:
> On Dec 17, 2007 6:37 PM, Andreas Monitzer <pidgin at monitzer.com> wrote:
> > On Dec 17, 2007, at 20:43, Daniel Atallah wrote:
> > > This isn't entirely true. I'm not aware of any major services that
> > > send plaintext or plaintext equivalent passwords over the wire.
> > Then you're not aware of ICQ.
> I guess I wasn't aware that we had fallen back to the old ICQ auth.
*nod* For those following from home without knowledge of the oscar
prpl, ICQ has an old authentication method which is a simple XOR of
the password (plain text equivalent) and a new authentication method
which is based on a more secure MD5 algorithm.
Mark, do you know why we switched back to XOR (or why the MD5
algorithm was written out but not used, if it never was)? The
reasoning is buried in pre-monotone logs somewhere before the files
were split up to improve readability, which occurred in:
| Revision: 3c3bc6908223470012ddf0a9adafef145037b96b
| Date: 2006-02-11T21:45:18
(so it's been that way since at least 2/2006)
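
An added illustration, not part of the original message and not code from the oscar prpl, of why a fixed-key XOR is "plain text equivalent" while a digest bound to a server challenge is not. The key bytes, the sample password and the `md5(challenge + password)` construction are assumptions made for the example; they are not the actual ICQ/OSCAR values or wire format.

```python
import hashlib
import hmac
import os

# Constructed key for illustration only; NOT the table used by the real protocol.
FIXED_KEY = bytes([0x5A, 0x13, 0xC7, 0x88, 0x2E, 0x91, 0x44, 0xB0])


def xor_obfuscate(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """XOR with a repeating fixed key. Applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def md5_response(password: str, challenge: bytes) -> bytes:
    """Digest over a per-login challenge plus the password (assumed construction)."""
    return hashlib.md5(challenge + password.encode("utf-8")).digest()


def server_verify(stored_password: str, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the digest for the challenge it issued and compares."""
    expected = md5_response(stored_password, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "correct horse"  # constructed sample value

    # Old style: the bytes on the wire are the password under a public, fixed mask.
    wire_xor = xor_obfuscate(password.encode("utf-8"))
    recovered = xor_obfuscate(wire_xor).decode("utf-8")

    # New style: the server issues a fresh random challenge for every login.
    first, second = os.urandom(16), os.urandom(16)
    captured = md5_response(password, first)

    return {
        # Anyone who knows the fixed key reads the password straight off the wire.
        "xor_recovered": recovered == password,
        # The same bytes are sent on every login, so a capture stays valid forever.
        "xor_same_every_login": xor_obfuscate(password.encode("utf-8")) == wire_xor,
        # The digest verifies against the challenge it was computed for...
        "md5_accepts_fresh": server_verify(password, first, captured),
        # ...but a captured response is useless against the next challenge.
        "md5_rejects_replay": not server_verify(password, second, captured),
    }


if __name__ == "__main__":
    print(demo())
```

A captured challenge and response still allow offline password guessing, so the digest scheme improves on XOR without replacing an encrypted transport.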