Unencrypted password storage

Tomasz Wasilczyk twasilczyk at pidgin.im
Tue Nov 10 07:40:48 EST 2015


This topic has been discussed broadly, see the explanation at [1]. How'd
you want to protect the password by *adding* MD5 to it?

Anyway, libpurple3 supports keyrings already.

Cheers,
Tom

[1] https://developer.pidgin.im/wiki/PlainTextPasswords

2015-11-10 12:27 GMT+00:00 Gates, John <jgates at lphs.org>:

> You are storing passwords for AIM accounts etc in xml in plain text.  This
> is a security concern for sure.  Do you have any plans to add at least an
> MD5 hash to this data?
>
>
>
> Best Regards,
>
> John Gates
>
> Manager of Information Systems
>
> Lake Park High School
>
> *SNUG SunGard National Users Group Director at Large*
>
> (630)295-5219
>
>
>
> *Let’s Connect!*
>
> [image: twitter] <https://twitter.com/johngatesIII>    [image: linkedin]
> <http://www.linkedin.com/in/JohnGates>
>
>
>
> *This email may contain information that is confidential or
> attorney-client privileged and may constitute inside information. The
> contents of this email are intended only for the recipient(s) listed above.
> If you are not the intended recipient, you are directed not to read,
> disclose, distribute or otherwise use this transmission. If you have
> received this email in error, please notify the sender immediately and
> delete the transmission. Delivery of this message is not intended to waive
> any applicable privileges.*
>
>
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20151110/25d521a1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2231 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20151110/25d521a1/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5252 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20151110/25d521a1/attachment-0003.png>


More information about the security mailing list