[Pidgin] #14674: Pidgin passwords unprotected? WHAT?!
Pidgin
trac at pidgin.im
Sat Oct 15 20:42:55 EDT 2011
#14674: Pidgin passwords unprotected? WHAT?!
--------------------------------------------+-------------------------------
Reporter: dksvertix | Owner: rekkanoryo
Type: defect | Status: new
Component: unclassified | Version: 2.10.0
Keywords: passwords unsecure unprotected |
--------------------------------------------+-------------------------------
What kind of moron stores passwords in unprotected, unencrypted, easily to
read text files? '''An encryption of accounts.xml is crucial!'''''''' If
an attacker doesn't know, how to unencrypt the file, then that may save
somebody's life! So amateurs can't access your private data and only
specialists can - this will decrease the attackers amount.
As I understand from reading previous tickets about insecure password
storage, you don't give a sh#$ about privacy at all.
So, since you can't and/or won't encrypt accounts.xml, then, how about
instead writing a huge red warning box under "remember password" box,
telling the user: '''"It's crucial, that you do not select this box, since
everybody can read your passwords from accounts.xml file!"'''
Like is it really that hard to make something as secure as LastPass or
TrueCrypt? Even Google Talk's current password encryption is sufficient.
--
Ticket URL: <http://developer.pidgin.im/ticket/14674>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list