How to save passwords more secure?!

Bron Gondwana brong at fastmail.fm
Sun Jun 22 06:14:40 EDT 2008


On Sat, Jun 21, 2008 at 11:18:29PM -0600, Jeff Sadowski wrote:
> A kludge that would be the easiest to implement would be to have
> ~/.purple be a cryptomounted directory that is mounted before pidgin is
> started. It is easy to implement with scripts, and after you are
> logged in it can be unmounted.

This is no help against a hypothetical virus that reads your
accounts.xml file in real time - since you're likely to have
pidgin running most of the time you're logged in.

A "real" security solution here would either be to farm
responsibility out to the desktop environment's password
manager utility, or to have a "master password" which
pidgin uses at startup to decrypt the passwords from
disk - after which it stores them in memory which is
protected from other processes and protected from being
paged out.

The "desktop environment password utility" solution is
actually quite viable, but ideally would start with the
desktop environments agreeing on a standard interface/API
for talking to password managers, rather than having to
code up separate support for each one.

Bron



