Password encryption

David Balazic David.Balazic at hermes-softlab.com
Mon Mar 17 09:55:54 EDT 2008


ONLY THE OWNING USER CAN DECRYPT THE FILE.
 
NOONE ELSE CAN.
 
Sorry for shouting, but...
 
 
Just try it, for the love of god !
 
 ;-)
 


________________________________

	From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
	Sent: Monday, March 17, 2008 2:52 PM
	To: David Balazic; Peter Robev
	Cc: support at pidgin.im
	Subject: RE: Password encryption
	
	
	The helpdesk support team will have local admin access in all
the computers. The members will be able to access the profile folders
for all users. In this case, I belive this is a not a secure solution.

________________________________

	From: David Balazic [mailto:David.Balazic at hermes-softlab.com] 
	Sent: Monday, March 17, 2008 9:49 AM
	To: Venkatasamy,Venkat; Peter Robev
	Cc: support at pidgin.im
	Subject: RE: Password encryption
	
	
	Of course.
	YOU can read it.. Noone else can.


________________________________

		From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
		Sent: Monday, March 17, 2008 2:35 PM
		To: David Balazic; Peter Robev
		Cc: support at pidgin.im
		Subject: RE: Password encryption
		
		
		I tried encrypting the .purple folder and tested saving
my password in the IM client. When I opened the accounts.xml I found my
password uncrypted.

________________________________

		From: David Balazic
[mailto:David.Balazic at hermes-softlab.com] 
		Sent: Monday, March 17, 2008 9:32 AM
		To: Venkatasamy,Venkat; Peter Robev
		Cc: support at pidgin.im
		Subject: RE: Password encryption
		
		
		It _IS_ secure. This is not some "I wrote it during the
weekend" encryption.
		It is real, tried and tested encryption.
		 
		David


________________________________

			From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
			Sent: Monday, March 17, 2008 12:57 PM
			To: Peter Robev; David Balazic
			Cc: support at pidgin.im
			Subject: RE: Password encryption
			
			
			This is not going to help to solve the issue. I
belive David refers to encrypting the .purple directory. But local
administrators of the computer will be able to decrypt the folder and
access the password. This is not a secure workaround.
			 
			i would like to hash the password so it should
not be visible even to the user who stores the password.

________________________________

			From: Peter Robev [mailto:probev at gmail.com] 
			Sent: Saturday, March 15, 2008 9:55 AM
			To: David Balazic
			Cc: Venkatasamy,Venkat; support at pidgin.im
			Subject: Re: Password encryption
			
			
			??????????????
			 
			Where do you see that ???
			
			
			2008/3/15 David Balazic
<David.Balazic at hermes-softlab.com>:
			

				File(Directory) Properties / Advanced
... / Encrypt contents to secure data

________________________________

				From: support-bounces at pidgin.im on
behalf of Venkatasamy,Venkat
				Sent: Fri 14-Mar-08 17:54
				To: support at pidgin.im
				Subject: Password encryption
				
				

				
				We came to know that Pidgin does not
encrypt the users' password when
				they choose "Remember Password" options
in the accounts windows.
				
				Is there any workaround for this as this
will be security issue in any
				organization as local administrators
having access to the .purple
				folder.
				
				Thanks
				Venkat
				
				
				
				
				CONFIDENTIALITY STATEMENT
				This communication and any attachments
are CONFIDENTIAL and may
				be protected by one or more legal
privileges. It is intended
				solely for the use of the addressee
identified above. If you
				are not the intended recipient, any use,
disclosure, copying
				or distribution of this communication is
UNAUTHORIZED. Neither
				this information block, the typed name
of the sender, nor
				anything else in this message is
intended to constitute an
				electronic signature unless a specific
statement to the
				contrary is included in this message. If
you have received this
				communication in error, please
immediately contact me and delete
				this communication from your computer.
Thank you.
				
	
_______________________________________________
				Support mailing list
				Support at pidgin.im
	
http://pidgin.im/cgi-bin/mailman/listinfo/support
				


	
_______________________________________________
				Support mailing list
				Support at pidgin.im
	
http://pidgin.im/cgi-bin/mailman/listinfo/support
				
				


			
________________________________


			

			CONFIDENTIALITY STATEMENT
			This communication and any attachments are
CONFIDENTIAL and may be protected by one or more legal privileges. It is
intended solely for the use of the addressee identified above. If you
are not the intended recipient, any use, disclosure, copying or
distribution of this communication is UNAUTHORIZED. Neither this
information block, the typed name of the sender, nor anything else in
this message is intended to constitute an electronic signature unless a
specific statement to the contrary is included in this message. If you
have received this communication in error, please immediately contact me
and delete this communication from your computer. Thank you. 

			
________________________________


			

		
________________________________


		

		CONFIDENTIALITY STATEMENT
		This communication and any attachments are CONFIDENTIAL
and may be protected by one or more legal privileges. It is intended
solely for the use of the addressee identified above. If you are not the
intended recipient, any use, disclosure, copying or distribution of this
communication is UNAUTHORIZED. Neither this information block, the typed
name of the sender, nor anything else in this message is intended to
constitute an electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete this
communication from your computer. Thank you. 

		
________________________________


		

	
________________________________


	

	CONFIDENTIALITY STATEMENT
	This communication and any attachments are CONFIDENTIAL and may
be protected by one or more legal privileges. It is intended solely for
the use of the addressee identified above. If you are not the intended
recipient, any use, disclosure, copying or distribution of this
communication is UNAUTHORIZED. Neither this information block, the typed
name of the sender, nor anything else in this message is intended to
constitute an electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete this
communication from your computer. Thank you. 

	
________________________________


	

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20080317/37f440b5/attachment.html>


More information about the Support mailing list