Password encryption
David Balazic
David.Balazic at hermes-softlab.com
Mon Mar 17 09:55:54 EDT 2008
ONLY THE OWNING USER CAN DECRYPT THE FILE.
NOONE ELSE CAN.
Sorry for shouting, but...
Just try it, for the love of god !
;-)
________________________________
From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
Sent: Monday, March 17, 2008 2:52 PM
To: David Balazic; Peter Robev
Cc: support at pidgin.im
Subject: RE: Password encryption
The helpdesk support team will have local admin access in all
the computers. The members will be able to access the profile folders
for all users. In this case, I belive this is a not a secure solution.
________________________________
From: David Balazic [mailto:David.Balazic at hermes-softlab.com]
Sent: Monday, March 17, 2008 9:49 AM
To: Venkatasamy,Venkat; Peter Robev
Cc: support at pidgin.im
Subject: RE: Password encryption
Of course.
YOU can read it.. Noone else can.
________________________________
From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
Sent: Monday, March 17, 2008 2:35 PM
To: David Balazic; Peter Robev
Cc: support at pidgin.im
Subject: RE: Password encryption
I tried encrypting the .purple folder and tested saving
my password in the IM client. When I opened the accounts.xml I found my
password uncrypted.
________________________________
From: David Balazic
[mailto:David.Balazic at hermes-softlab.com]
Sent: Monday, March 17, 2008 9:32 AM
To: Venkatasamy,Venkat; Peter Robev
Cc: support at pidgin.im
Subject: RE: Password encryption
It _IS_ secure. This is not some "I wrote it during the
weekend" encryption.
It is real, tried and tested encryption.
David
________________________________
From: support-bounces at pidgin.im
[mailto:support-bounces at pidgin.im] On Behalf Of Venkatasamy,Venkat
Sent: Monday, March 17, 2008 12:57 PM
To: Peter Robev; David Balazic
Cc: support at pidgin.im
Subject: RE: Password encryption
This is not going to help to solve the issue. I
belive David refers to encrypting the .purple directory. But local
administrators of the computer will be able to decrypt the folder and
access the password. This is not a secure workaround.
i would like to hash the password so it should
not be visible even to the user who stores the password.
________________________________
From: Peter Robev [mailto:probev at gmail.com]
Sent: Saturday, March 15, 2008 9:55 AM
To: David Balazic
Cc: Venkatasamy,Venkat; support at pidgin.im
Subject: Re: Password encryption
??????????????
Where do you see that ???
2008/3/15 David Balazic
<David.Balazic at hermes-softlab.com>:
File(Directory) Properties / Advanced
... / Encrypt contents to secure data
________________________________
From: support-bounces at pidgin.im on
behalf of Venkatasamy,Venkat
Sent: Fri 14-Mar-08 17:54
To: support at pidgin.im
Subject: Password encryption
We came to know that Pidgin does not
encrypt the users' password when
they choose "Remember Password" options
in the accounts windows.
Is there any workaround for this as this
will be security issue in any
organization as local administrators
having access to the .purple
folder.
Thanks
Venkat
CONFIDENTIALITY STATEMENT
This communication and any attachments
are CONFIDENTIAL and may
be protected by one or more legal
privileges. It is intended
solely for the use of the addressee
identified above. If you
are not the intended recipient, any use,
disclosure, copying
or distribution of this communication is
UNAUTHORIZED. Neither
this information block, the typed name
of the sender, nor
anything else in this message is
intended to constitute an
electronic signature unless a specific
statement to the
contrary is included in this message. If
you have received this
communication in error, please
immediately contact me and delete
this communication from your computer.
Thank you.
_______________________________________________
Support mailing list
Support at pidgin.im
http://pidgin.im/cgi-bin/mailman/listinfo/support
_______________________________________________
Support mailing list
Support at pidgin.im
http://pidgin.im/cgi-bin/mailman/listinfo/support
________________________________
CONFIDENTIALITY STATEMENT
This communication and any attachments are
CONFIDENTIAL and may be protected by one or more legal privileges. It is
intended solely for the use of the addressee identified above. If you
are not the intended recipient, any use, disclosure, copying or
distribution of this communication is UNAUTHORIZED. Neither this
information block, the typed name of the sender, nor anything else in
this message is intended to constitute an electronic signature unless a
specific statement to the contrary is included in this message. If you
have received this communication in error, please immediately contact me
and delete this communication from your computer. Thank you.
________________________________
________________________________
CONFIDENTIALITY STATEMENT
This communication and any attachments are CONFIDENTIAL
and may be protected by one or more legal privileges. It is intended
solely for the use of the addressee identified above. If you are not the
intended recipient, any use, disclosure, copying or distribution of this
communication is UNAUTHORIZED. Neither this information block, the typed
name of the sender, nor anything else in this message is intended to
constitute an electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete this
communication from your computer. Thank you.
________________________________
________________________________
CONFIDENTIALITY STATEMENT
This communication and any attachments are CONFIDENTIAL and may
be protected by one or more legal privileges. It is intended solely for
the use of the addressee identified above. If you are not the intended
recipient, any use, disclosure, copying or distribution of this
communication is UNAUTHORIZED. Neither this information block, the typed
name of the sender, nor anything else in this message is intended to
constitute an electronic signature unless a specific statement to the
contrary is included in this message. If you have received this
communication in error, please immediately contact me and delete this
communication from your computer. Thank you.
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20080317/37f440b5/attachment.html>
More information about the Support
mailing list