[Pidgin] #2037: Save passwords as md5-hash if supported by protocol
Pidgin
trac at pidgin.im
Wed Jul 25 14:46:50 EDT 2007
#2037: Save passwords as md5-hash if supported by protocol
---------------------------+------------------------------------------------
Reporter: Nightmare | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: pidgin (gtk) | Version: 2.0.2
Resolution: | Keywords: md5 hash password
Pending: 0 |
---------------------------+------------------------------------------------
Comment (by Nightmare):
I reconsidered it and i think md5 hashes are not (really) obscuring.
Hases are one-way, widely used (Unix/Linux) and even bruteforce is really
slow (http://www.password-crackers.com/en/articles/15/#p4). [[BR]]
One problem is that there are Rainbow Tables for hashes that are based on
easy passwords.
If you disagree you can also say keyring systems are not secure.
The main problem i agree with is that you can also login with the md5-hash
without knowing the plain-text-password.
(I hope my english is not too bad ;))
--
Ticket URL: <https://developer.pidgin.im/ticket/2037#comment:5>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list