[Pidgin] PlainTextPasswords modified
Pidgin
trac at pidgin.im
Wed Jan 9 14:22:44 EST 2019
Page "PlainTextPasswords" was changed by EionRobb
Diff URL: <https://developer.pidgin.im/wiki/PlainTextPasswords?action=diff&version=22>
Revision 22
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: PlainTextPasswords
=========================================================================
--- PlainTextPasswords (version: 21)
+++ PlainTextPasswords (version: 22)
@@ -1,8 +1,8 @@
= Plain Text Passwords =
-Libpurple 2 stores passwords unencrypted in the {{{accounts.xml}}} file. This is somewhat controversial in Windows, where file permissions have traditionally been more open, but that's the way things are. Libpurple 3 supports encrypted keyrings (see [[KeyringSupport]]).
+Libpurple 2 stores passwords unencrypted in the {{{accounts.xml}}} file. This is somewhat controversial in Windows, where file permissions have traditionally been more open, but that's the way things are. (Libpurple 3 supports encrypted keyrings, see [[KeyringSupport]] - You might find 3rd party Libpurple 2 plugins for keyring support at [[ThirdPartyPlugins#SecurityandPrivacy]]).
-The reasoning for this is multi-part.
+The reasoning for storing passwords in plain text is multi-part.
Instant messaging is not very secure, and it's kind of pointless to spend a lot of time adding protections onto the fairly strong file protections of UNIX (our native platform) when the protocols themselves aren't all that secure. The way to truly know who you are talking to is to use an encryption plugin on both ends (such as OTR or pidgin-encryption), and use verified GPG keys. Secondly, you shouldn't be using your instant messaging password for anything else. While some protocols have decent password security, others are insufficient and some (like IRC) don't have any at all.
-------8<------8<------8<------8<------8<------8<------8<------8<--------
--
Page URL: <https://developer.pidgin.im/wiki/PlainTextPasswords>
Pidgin <https://pidgin.im>
Pidgin
This is an automated message. Someone added your email address to be
notified of changes on 'PlainTextPasswords' page.
If it was not you, please report to datallah at pidgin.im.
More information about the Wikiedit
mailing list