[Pidgin] #4069: Master password function
Pidgin
trac at pidgin.im
Sun Jan 27 20:44:27 EST 2008
#4069: Master password function
--------------------------+-------------------------------------------------
Reporter: Milbauer | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: libpurple | Version: 2.3.0
Resolution: | Keywords: password
Pending: 0 |
--------------------------+-------------------------------------------------
Comment (by novakyu):
dharris:
I think you misunderstand---Pidgin stores passwords in cleartext BECAUSE
it has no master password. Unless there is some secret information that
only the user knows (such as master passwords), encryption is useless---
because it's bound to rely on the security of the algorithm or some key
stored on the machine, also known as "security by obscurity".
The compelling reason for "master password" feature, assuming Pidgin
developers wanted to add the feature, is so that we can save passwords
encrypted---this is essentially the way Firefox (or any other application
where passwords can be saved) deals with it; your passwords are saved in
cleartext until you set a master password.
Anyways. If we are voting on features, +1 for master password. It's
annoying to have to type 4 different passwords every time I reboot (or
restart X server). And no, I will never save a password that will be
stored in cleartext.
P.S. BTW, one item on the wiki page is somewhat outdated: some IM system
is very sensitive and should be secure (Google Talk/Mail/Account, anyone?)
and while not saving password is the securest approach, convenience of
being able to type just one password is worth *something*.
--
Ticket URL: <http://developer.pidgin.im/ticket/4069#comment:6>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list