master password gsoc project

Geoffrey Antos geoffrey.antos at
Wed May 21 21:37:38 EDT 2008

Richard Laager wrote:
> On Wed, 2008-05-21 at 23:50 +0200, Vivien Bernet-Rollande wrote:
>> The way I see it is the following : by default, the plugin works in a
>> totally transparent way. The user never gets prompted anything,
>> password are secured with his system password, simple, clean and easy.
> Agreed.
>> But from the configuration interface, the user could set a master
>> password, adding an extra layer of security (in case the system
>> account is shared by multiple users for instance).
> Then they should use multiple OS users instead.
By default, this is fine, but a generic backend using a master password 
still be reasonable. A non-Gnome, non-KDE user may not have an appropriate
desktop-specific password safe available. Pidgin Portable should allow users
to store encrypted passwords on the USB drive in case the drive is lost 
or stolen,
and shouldn't save passwords to the Windows account.

Also, are their any users who use Pidgin when an X11 session is 
available, but use
ssh + finch when one isn't? Can gnome-keyring and the KDE-equivalent provide
interfaces allowing them to be used without an X11 display? If not, 
perhaps the
platform-independent 'master password' could be used as a fall-back.

Other possible backend ideas for finch users could include using a 
key-pair from gpg-agent or ssh-agent

-Geoffrey Antos

More information about the Devel mailing list