plain txt passwords in .purple folder
Kevin Stange
kstange at pidgin.im
Wed Sep 28 06:15:18 EDT 2011
On 09/28/2011 05:02 AM, James Monroe wrote:
> Just a heads up your program stored all my passwords (for pidgin) in
> plain txt in a file in the .purple directory.

We are, of course, aware of this. Please read:
http://developer.pidgin.im/wiki/PlainTextPasswords

> them for nefarious purposes. hash/md5 or something for the love of all
> things
> holy.

If we hash your username and password, we can only submit the hashes
back to the server because hashes cannot be transformed back to original
values. This means:

1) If the server accepts them, the hashes are still plain-text login info
2) You cannot log in.

What purpose would that serve?

Kevin
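
The two outcomes listed in the reply above, worked through as an added example (not part of the original message and not Pidgin's code). The server classes, function names and the sample password are hypothetical and constructed for illustration; SHA-256 stands in for the "hash/md5" suggestion.

```python
import hashlib
import hmac
import os


def h(secret: str) -> str:
    """Hex digest a client would store if it hashed the password before saving it."""
    return hashlib.sha256(secret.encode()).hexdigest()


class PasswordServer:
    """Hypothetical server that expects the real password at login."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)

    def _derive(self, value: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self._salt, 10_000)

    def login(self, submitted: str) -> bool:
        return hmac.compare_digest(self._derive(submitted), self._verifier)


class HashAcceptingServer:
    """Hypothetical server changed to accept h(password) as the credential."""

    def __init__(self, password: str):
        self._expected = h(password)

    def login(self, submitted: str) -> bool:
        return hmac.compare_digest(submitted.encode(), self._expected.encode())


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    on_disk = h(password)  # all that a "hashing" client keeps in its accounts file
    return {
        # Baseline: a client that kept the password itself can log in.
        "password_to_password_server": PasswordServer(password).login(password),
        # Outcome 2: the server wants the password, the client only has its hash.
        "hash_to_password_server": PasswordServer(password).login(on_disk),
        # Outcome 1: the server accepts the hash, so the file content alone
        # authenticates. Whoever reads the file never needs the password.
        "hash_to_hash_server": HashAcceptingServer(password).login(on_disk),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'login accepted' if ok else 'login rejected'}")
```

In the third case the stored hash is a password-equivalent: protecting the accounts file with filesystem permissions or an OS keyring matters exactly as much as it did for the plain-text password.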