[Pidgin] #2037: Save passwords as md5-hash if supported by protocol
Pidgin
trac at pidgin.im
Thu Jul 5 14:06:53 EDT 2007
#2037: Save passwords as md5-hash if supported by protocol
---------------------------+------------------------------------------------
Reporter: Nightmare | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: pidgin (gtk) | Version: 2.0.2
Resolution: | Keywords: md5 hash password
Pending: 0 |
---------------------------+------------------------------------------------
Comment (by 603729):
http://developer.pidgin.im/wiki/PlainTextPasswords[[BR]]
"Obscure a password. This means we do something to store the password in
some format other than plain text, but we automatically convert it for
you. This is security by obscurity, and is a Very Bad ThingTM in that it
gives users a false sense of security that we (Pidgin, Finch, and
libpurple developers) believe would be worse to have than to let informed
users deal with the password issue themselves. Consider that a naive user
might think that it is safe to share his or her accounts.xml, because the
passwords are "encrypted"."
In principle your right, but I fully agree with the opinion stated above.
It really increases the feeling of security, which is simply a fault.
I really don't mind about non-encrypted passwords in Pidgin :)
--
Ticket URL: <http://developer.pidgin.im/ticket/2037#comment:3>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list