[Pidgin] #2037: Save passwords as md5-hash if supported by protocol

Pidgin trac at pidgin.im
Wed Jul 25 14:46:50 EDT 2007


#2037: Save passwords as md5-hash if supported by protocol
---------------------------+------------------------------------------------
  Reporter:  Nightmare     |       Owner:                   
      Type:  enhancement   |      Status:  new              
  Priority:  minor         |   Milestone:                   
 Component:  pidgin (gtk)  |     Version:  2.0.2            
Resolution:                |    Keywords:  md5 hash password
   Pending:  0             |  
---------------------------+------------------------------------------------
Comment (by Nightmare):

 I reconsidered it and i think md5 hashes are not (really) obscuring.
 Hases are one-way, widely used (Unix/Linux) and even bruteforce is really
 slow (http://www.password-crackers.com/en/articles/15/#p4). [[BR]]
 One problem is that there are Rainbow Tables for hashes that are based on
 easy passwords.

 If you disagree you can also say keyring systems are not secure.

 The main problem i agree with is that you can also login with the md5-hash
 without knowing the plain-text-password.

 (I hope my english is not too bad ;))

-- 
Ticket URL: <https://developer.pidgin.im/ticket/2037#comment:5>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list