plain txt passwords in .purple folder

Kevin Stange kstange at
Wed Sep 28 06:15:18 EDT 2011

On 09/28/2011 05:02 AM, James Monroe wrote:
> Just a heads up your program stored all my passwords (for pidgin) in
> plain txt in a file in the .purple directory.

We are, of course, aware of this.  Please read:

> them for nefarious purposes. hash/md5 or something for the love of all
> things
> holy.

If we hash your username and password, we can only submit the hashes
back to the server because hashes cannot be transformed back to original
values.  This means:

 1) If the server accepts them, the hashes are still plain-text login info
 2) You cannot login.

What purpose would that serve?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Support mailing list