Password encryption

Venkatasamy,Venkat vvenkatasamy at apcapital.com
Mon Mar 17 09:51:31 EDT 2008


The helpdesk support team will have local admin access in all the
computers. The members will be able to access the profile folders for
all users. In this case, I belive this is a not a secure solution.

________________________________

From: David Balazic [mailto:David.Balazic at hermes-softlab.com] 
Sent: Monday, March 17, 2008 9:49 AM
To: Venkatasamy,Venkat; Peter Robev
Cc: support at pidgin.im
Subject: RE: Password encryption


Of course.
YOU can read it.. Noone else can.


________________________________

	From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
	Sent: Monday, March 17, 2008 2:35 PM
	To: David Balazic; Peter Robev
	Cc: support at pidgin.im
	Subject: RE: Password encryption
	
	
	I tried encrypting the .purple folder and tested saving my
password in the IM client. When I opened the accounts.xml I found my
password uncrypted.

________________________________

	From: David Balazic [mailto:David.Balazic at hermes-softlab.com] 
	Sent: Monday, March 17, 2008 9:32 AM
	To: Venkatasamy,Venkat; Peter Robev
	Cc: support at pidgin.im
	Subject: RE: Password encryption
	
	
	It _IS_ secure. This is not some "I wrote it during the weekend"
encryption.
	It is real, tried and tested encryption.
	 
	David


________________________________

		From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
		Sent: Monday, March 17, 2008 12:57 PM
		To: Peter Robev; David Balazic
		Cc: support at pidgin.im
		Subject: RE: Password encryption
		
		
		This is not going to help to solve the issue. I belive
David refers to encrypting the .purple directory. But local
administrators of the computer will be able to decrypt the folder and
access the password. This is not a secure workaround.
		 
		i would like to hash the password so it should not be
visible even to the user who stores the password.

________________________________

		From: Peter Robev [mailto:probev at gmail.com] 
		Sent: Saturday, March 15, 2008 9:55 AM
		To: David Balazic
		Cc: Venkatasamy,Venkat; support at pidgin.im
		Subject: Re: Password encryption
		
		
		??????????????
		 
		Where do you see that ???
		
		
		2008/3/15 David Balazic
<David.Balazic at hermes-softlab.com>:
		

			File(Directory) Properties / Advanced ... /
Encrypt contents to secure data

________________________________

			From: support-bounces at pidgin.im on behalf of
Venkatasamy,Venkat
			Sent: Fri 14-Mar-08 17:54
			To: support at pidgin.im
			Subject: Password encryption
			
			

			
			We came to know that Pidgin does not encrypt the
users' password when
			they choose "Remember Password" options in the
accounts windows.
			
			Is there any workaround for this as this will be
security issue in any
			organization as local administrators having
access to the .purple
			folder.
			
			Thanks
			Venkat
			
			
			
			
			CONFIDENTIALITY STATEMENT
			This communication and any attachments are
CONFIDENTIAL and may
			be protected by one or more legal privileges. It
is intended
			solely for the use of the addressee identified
above. If you
			are not the intended recipient, any use,
disclosure, copying
			or distribution of this communication is
UNAUTHORIZED. Neither
			this information block, the typed name of the
sender, nor
			anything else in this message is intended to
constitute an
			electronic signature unless a specific statement
to the
			contrary is included in this message. If you
have received this
			communication in error, please immediately
contact me and delete
			this communication from your computer. Thank
you.
			
			_______________________________________________
			Support mailing list
			Support at pidgin.im
	
http://pidgin.im/cgi-bin/mailman/listinfo/support
			


			_______________________________________________
			Support mailing list
			Support at pidgin.im
	
http://pidgin.im/cgi-bin/mailman/listinfo/support
			
			


		
________________________________


		

		CONFIDENTIALITY STATEMENT
		This communication and any attachments are CONFIDENTIAL
and may be protected by one or more legal privileges. It is intended
solely for the use of the addressee identified above. If you are not the
intended recipient, any use, disclosure, copying or distribution of this
communication is UNAUTHORIZED. Neither this information block, the typed
name of the sender, nor anything else in this message is intended to
constitute an electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete this
communication from your computer. Thank you. 

		
________________________________


		

	
________________________________


	

	CONFIDENTIALITY STATEMENT
	This communication and any attachments are CONFIDENTIAL and may
be protected by one or more legal privileges. It is intended solely for
the use of the addressee identified above. If you are not the intended
recipient, any use, disclosure, copying or distribution of this
communication is UNAUTHORIZED. Neither this information block, the typed
name of the sender, nor anything else in this message is intended to
constitute an electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete this
communication from your computer. Thank you. 

	
________________________________


	


CONFIDENTIALITY STATEMENT
This communication and any attachments are CONFIDENTIAL and may
be protected by one or more legal privileges. It is intended
solely for the use of the addressee identified above. If you
are not the intended recipient, any use, disclosure, copying
or distribution of this communication is UNAUTHORIZED. Neither
this information block, the typed name of the sender, nor
anything else in this message is intended to constitute an
electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete
this communication from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20080317/f43fc391/attachment.html>


More information about the Support mailing list