plain txt passwords in .purple folder
forums at david-woolley.me.uk
Wed Sep 28 06:18:23 EDT 2011
James Monroe wrote:
> Just a heads up your program stored all my passwords (for pidgin) in
> plain txt in a file in the .purple directory.
The developers believe that anything else would give a false sense of
> Needless to say I uninstalled and will never use again. Please fix this
> for the thousands of other people who don't know to check.
> Lines like ( user name: "actual user name")
> ( user password: " actual password!!")
> should not be appearing in professional programs unless you're writing
> them for nefarious purposes. hash/md5 or something for the love of all
Hashing the passwords would make them unusable. Any saved password
needs to be convertible to a form that is a valid credential for the
target service. A one way function would make it unusable for that.
Reversible encryption by an open source program would be trivially
breakable, unless you insisted on a master key that had to be entered
every time the program was started.
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
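
Added example, not part of the original message and not Pidgin's code: the three storage options discussed in the reply above (one-way hash, reversible encryption with a key shipped in the program, reversible encryption under a master passphrase), run against one constructed password. The function names, the sample values and the HMAC-based cipher (a standard-library stand-in for a real authenticated cipher) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PASSWORD = "constructed-sample-password"     # constructed sample credential
EMBEDDED_KEY = b"key-shipped-in-the-source"  # visible to anyone who reads the code

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, secret: str) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, secret.encode())
    return nonce + _mac(key, b"mac", nonce + body) + body

def unseal(key: bytes, blob: bytes) -> str:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + body)):
        raise ValueError("wrong key or modified data")
    return _xor_stream(key, nonce, body).decode()

def master_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def recovers(key: bytes, blob: bytes) -> bool:
    try:
        return unseal(key, blob) == PASSWORD
    except ValueError:
        return False

def demo() -> dict:
    salt = os.urandom(16)
    digest = hashlib.sha256(PASSWORD.encode()).hexdigest()
    shipped = seal(EMBEDDED_KEY, PASSWORD)
    protected = seal(master_key("typed at every start", salt), PASSWORD)
    return {
        # The target service wants the password itself, not its digest.
        "hash_is_valid_credential": hmac.compare_digest(digest, PASSWORD),
        "embedded_key_recovers": recovers(EMBEDDED_KEY, shipped),
        "wrong_master_recovers": recovers(master_key("a guess", salt), protected),
        "right_master_recovers": recovers(master_key("typed at every start", salt), protected),
    }
```

Only the last case keeps the stored file useless to someone who has both the file and the source, and it is the one that requires typing the passphrase at every start.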