password encription

Ethan Blanton elb at pidgin.im
Wed Nov 11 15:34:34 EST 2009


Pavle Zivkovic spake unto us the following wisdom:
> Hi everyone,
> 
> I'm writing to you for the first time. I just wanted to ''notify" (although
> I suppose that everyone knows that already) that pidgin, even though it is *THE
> BEST* IM program that I have seen (and i've been using quite a few of them),
> has one big... no, not big... HUUUUUUUUUUUGE flaw... Namely (for win users)
> go to folder: C:\Users\<USERNAME>\AppData\Roaming\.purple\ and open file
> named: *accounts.xml*
> Unfortunately you (and everyone else that has access to your computer) will
> be able to *SEE ALL OF YOUR USERNAMES AND PASSWORDS KEPT NON-ENCRYPTED IN
> .XML FILE.* (sorry for the capital letters, but I wanted to emphasize the
> magnitude of the problem)

PLEASE READ THE FAQ.

Sorry for the capital letters, but I wanted to emphasize the magnitude
of the total lack of a problem here.

> It is totally unnecessary to explain why it is a problem, I just wanted to
> know if there is any plan for the issue to be resolved in the near future,
> as I noticed it in even in early 2.xx versions and it haven't been addressed
> throughout the versions (today i am using 2.6.3).

Neither will I explain why it is not at all a problem.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/support/attachments/20091111/266a2ab6/attachment.sig>


More information about the Support mailing list