[Pidgin] #16800: Passwords not protected
Pidgin
trac at pidgin.im
Wed Nov 4 05:17:18 EST 2015
#16800: Passwords not protected
---------------------+---------------------------------
Reporter: liar666 | Owner: EionRobb
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.10.11 | Keywords: Plaintext Passwords
---------------------+---------------------------------
Using LaZagne, I discovered that Pidgin stores passwords in plain-text.
Looking for a solution to this '''serious''' problem, I found the page:
https://developer.pidgin.im/wiki/PlainTextPasswords
There, I read:
- "Instant messaging is not very secure, and it's kind of pointless to
spend a lot of time adding protections onto the fairly strong file
protections of UNIX (our native platform) when the protocols themselves
aren't all that secure. The way to truly know who you are talking to is to
use an encryption plugin on both ends (such as OTR or pidgin-encryption),
and use verified GPG keys. Secondly, you shouldn't be using your instant
messaging password for anything else."
This argument is totally fallacious: nowadays, most of the IM accounts are
related to more general accounts, like Google(+)/Yahoo/MSN-Skype/... So
leaving accounts passwords exposed in plain text exposes '''a lot more
information''' (personal & professional emails, web search history,
localization data, applications install on mobile devices, etc.) than what
the not-protected IM messaging protocols expose (a few stupid short
messages between acquaintances that are often not even friends IRL)!!!
- "none of these IM applications provide any sort of real password
security <big list of other IM software>"
This argument it also totally fallacious: this is not because there are
plenty of others that do bad things, that we must do the same!!!!!
Otherwise our societies would just be a bunch of people killing other
people.
- Finally, "Store a password(s) behind a password"
there is no argument against this. This is what other software do in
similar situations (Firefox, Thunderbird, etc.) and is what I would like
to see implemented.
--
Ticket URL: <https://developer.pidgin.im/ticket/16800>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list