[Pidgin] #4069: Master password function

Pidgin trac at pidgin.im
Sun Jan 27 20:44:27 EST 2008

#4069: Master password function
  Reporter:  Milbauer     |       Owner:          
      Type:  enhancement  |      Status:  new     
  Priority:  minor        |   Milestone:          
 Component:  libpurple    |     Version:  2.3.0   
Resolution:               |    Keywords:  password
   Pending:  0            |  
Comment (by novakyu):


 I think you misunderstand---Pidgin stores passwords in cleartext BECAUSE
 it has no master password. Unless there is some secret information that
 only the user knows (such as master passwords), encryption is useless---
 because it's bound to rely on the security of the algorithm or some key
 stored on the machine, also known as "security by obscurity".

 The compelling reason for "master password" feature, assuming Pidgin
 developers wanted to add the feature, is so that we can save passwords
 encrypted---this is essentially the way Firefox (or any other application
 where passwords can be saved) deals with it; your passwords are saved in
 cleartext until you set a master password.

 Anyways. If we are voting on features, +1 for master password. It's
 annoying to have to type 4 different passwords every time I reboot (or
 restart X server). And no, I will never save a password that will be
 stored in cleartext.

 P.S. BTW, one item on the wiki page is somewhat outdated: some IM system
 is very sensitive and should be secure (Google Talk/Mail/Account, anyone?)
 and while not saving password is the securest approach, convenience of
 being able to type just one password is worth *something*.

Ticket URL: <http://developer.pidgin.im/ticket/4069#comment:6>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list