master password gsoc project

Vivien Bernet-Rollande vivien.bernet-rollande at etu.utc.fr
Wed May 21 07:40:33 EDT 2008


William Ehlhardt wrote:
> On Tue, May 20, 2008 at 4:14 PM, Richard Laager <rlaager at wiktel.com> wrote:
>   
>> That does encryption within Pidgin (well, probably libpurple). The SoC
>> project is to use an existing password safe, like the GNOME Keyring or
>> KDE Wallet. This will be much more user friendly. For many users, it
>> will Just Work.
>>     
>
> It seems to me that a built-in-to-Pidgin master password encryption
> mechanism would be useful. It can certainly be overridden if an
> external password safe is present, and would also be useful on
> platforms where there is no such safe (Does Windows have a password
> safe that you can integrate with?). If the cited patch provides a
> libpurple-specific keystore already, most of the difficult work here
> has already been done.
>
> -William
>   
There's a page on why the passwords are kept unencrypted here :
http://developer.pidgin.im/wiki/PlainTextPasswords

The basic idea is that just obscuring passwords gives a false sense of
security.

Regarding windows, there's a protected storage API, which IE/outlook/msn
use I believe.
It encrypts the data using the user's login credentials, but can use a
"secret" as a secondary entropy source, for added protection.
This means it's possible to either have a pidgin-specific master
password, or just trust that the account credentials are safe.
more here : http://msdn.microsoft.com/en-us/library/ms995355.aspx

>From what i read, Gnome KeyRing is slithly different. The simplest thing
to do would be to create a pidgin specific keyring, protected by it's
own password, which is asked to the user when pidgin starts (or when a
password is needed). It might also be an option to put the credentials
in the GNOME_KEYRING_DEFAULT keyring, which is unlocked on login, for
easier use. It might also be possible to automaticly unlock a keyring on
login, and therefore use only a pidgin safe.

KWallet probably has something like that too.

Now, regarding a builtin master-password encryption mechanism, it is
indeed an option. The thing is, once the rest is done, doing this would
be a simple matter of writting a few cryptographic routines in a plugin.

--Vivien




More information about the Devel mailing list