plain txt passwords in .purple folder
kstange at pidgin.im
Wed Sep 28 06:15:18 EDT 2011
On 09/28/2011 05:02 AM, James Monroe wrote:
> Just a heads up your program stored all my passwords (for pidgin) in
> plain txt in a file in the .purple directory.
We are, of course, aware of this. Please read:
> them for nefarious purposes. hash/md5 or something for the love of all
If we hash your username and password, we can only submit the hashes
back to the server because hashes cannot be transformed back to original
values. This means:
1) If the server accepts them, the hashes are still plain-text login info
2) You cannot login.
What purpose would that serve?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the Support