[Pidgin] #673: Keyring support for password storage

Pidgin trac at pidgin.im
Fri Feb 10 22:04:29 EST 2012 

#673: Keyring support for password storage
-------------------------+--------------------------------------------------
 Reporter:  shirish      |        Owner:  rlaager  
     Type:  enhancement  |       Status:  new      
Milestone:  3.0.0        |    Component:  libpurple
  Version:  2.0          |   Resolution:           
 Keywords:               |  
-------------------------+--------------------------------------------------

Comment(by Redsandro):

 Thank you '''nodiscc''' for mentioning [https://code.google.com/p/pidgin-
 gnome-keyring/].

 For six million years now - that's about when the first homo erectus
 requested a master password feature to prevent his friends from trolling
 with the quick-look method while he was grabbing the joysticks for a game
 of Caveman Ugh-lympics - the Pidgin team, just like the FileZilla team,
 have ignored security that accounts for 95% of the probable causes: People
 you know and/or people within physical range of your computer when your
 CIA-class encrypted drive is mounted and unlocked anyway.

 And that's the other thing: Only Linux users can setup LUKS or EcryptFS,
 which is like a few nerdpercent of the userbase. And it's only recent that
 it's gotten 'easy'. Only Windows Professional or Ultimate support EFS
 encryption although all non-business laptops and computers are sold with
 Windows Home. Only 5% of the users can set up the Pidgin endorsed high-
 grade security that isn't even effective against 95% of breaches.

 Although I made up all these numbers, I am concerned with the reasoning
 behind the project. Relying on highly experienced nerd-tactics for CIA-
 grade security against the worst of hacker-ninja's from mars is hurting
 the vast majority end users. Those ninja's are not interested in the
 conversations with mom of the majority of users. Siblings, schoolmates,
 collegues, parents, nephews and what not, they are. They will be stopped
 by a master password. And luckily the pidgin-gnome-keyring provedes that
 after six million years. For those that are just nerd enough to use Linux,
 that is.

 This kind of security tactics have a strange sense of rewarding that 1% of
 highly technical users while punishing those that just want to use their
 computer in a mainstream fashion.

 Anyway, the PPA doesn't work out of the box because it was last updated
 for Natty. You can download the .deb file, and it installs just fine on
 Oneiric. :)

-- 
Ticket URL: <http://developer.pidgin.im/ticket/673#comment:34>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list