Re: Fwd: about accounts file
El día Saturday, August 24, 2013 a las 03:53:21PM -0400, Ethan Blanton escribió: Tres Finocchiaro spake unto us the following wisdom: I've never much understood Pidgins perspective on this. Even base64 is obscure enough to keep a human from reading it over the shoulder. Unless your password is very, very bad, a base64 encoding of the password should be of roughly similar complexity. Therefore, anyone who can remember your password can remember the base64 -- and reverse it. Not sure about this; $ echo password | openssl enc -base64 cGFzc3dvcmQK While one can easy see with a short eye shoot and remember the token 'password', it is not so easy pickup from the screen the token 'cGFzc3dvcmQK'. matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: www.asciiribbon.org E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
IRC TOR Proxy Settings
I'm unable to get Pidgin working with Freenode IRC using SASL/TOR with Pidgin. On AndChat the IRC client for Android, the settings are listed under SASL (I don't find any SASL in Pidgin, but when adding an IRC server account, there is in the Proxy tab and option TOR Privacy/SOCKS 5 so I am assuming that is the place. In AndChat what works is username (as normal), port 7000, SSL, and for server, the onion address p4fsi4ockecnea7l.onion -- that simple. But in Pidgin there are 3 tabs when adding an IRC account: Basic, Advanced and Proxy. What is confusing is that all 3 of these have boxes for username and two have host or server. Can anyone advise what the correct place to put the values is? 1. Basic tab boxes are: Protocol: IRC Username: my IRC registered username (nick) Server: p4fsi4ockecnea7l.onion Password: the registererd nick password 2. Advanced tab boxes are: Port: 7000 Username: my IRC registered username (nick) Use SSL: ticked (checked) 3. Proxy tab boxes are: Proxy Type: Tor/Privacy (SOCKS 5) Host: 127.0.0.1 (this is where the TOR daemon is listening) Port: 9050 Username: again my IRC registered username (nick) Password: again my username (nick) authentication password. I get an error message: Closing Link: gateway/tor-sasl/account (SASL access only) But I see no place in Pidgin that mentions SASL? ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: IRC TOR Proxy Settings
BitMessage spake unto us the following wisdom: I'm unable to get Pidgin working with Freenode IRC using SASL/TOR with Pidgin. What version of Pidgin are you using? IRC SASL was not introduced until 2.10.7. I suspect you are using an older version. Ethan ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
Matthias Apitz spake unto us the following wisdom: El día Saturday, August 24, 2013 a las 03:53:21PM -0400, Ethan Blanton escribió: Unless your password is very, very bad, a base64 encoding of the password should be of roughly similar complexity. Therefore, anyone who can remember your password can remember the base64 -- and reverse it. Not sure about this; $ echo password | openssl enc -base64 cGFzc3dvcmQK While one can easy see with a short eye shoot and remember the token 'password', it is not so easy pickup from the screen the token 'cGFzc3dvcmQK'. Right -- if your passwords are *really really bad* and stupid, it matters. If that's the case, though, you need to get new passwords ASAP. My passwords are things like Oj4=puC/8jq, which is of similar complexity to that base64 string. Please reread my original statement. Ethan signature.asc Description: Digital signature ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
El día Sunday, August 25, 2013 a las 09:04:42AM -0400, Ethan Blanton escribió: Right -- if your passwords are *really really bad* and stupid, it matters. If that's the case, though, you need to get new passwords ASAP. My passwords are things like Oj4=puC/8jq, which is of similar complexity to that base64 string. Please reread my original statement. Not really of the same complexity: $ pwgen 8 8 Aishaem9 es1iHaod oiVie3ah daith5Oh IHooZ9Sh ieDao2po oHeepae0 xainaXo5 $ echo iZeetah8 | openssl enc -base64 aVplZXRhaDgK $ echo 'Oj4=puC/8jq' | openssl enc -base64 T2o0PXB1Qy84anEK matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: www.asciiribbon.org E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
[Fwd: Re: IRC TOR Proxy Settings]
Back to the list... ---BeginMessage--- Hi, yes see my earlier reply just now, but .7 is not working well as all with freenode, it is giving all kinds of problems to login, but .3 just worked and worked (but no tor nor sasl of course). But i'd rather have a working pidgin on irc than nothing. now i'm with nothing due to countless errors e.g. incorrect password, e.g. ssl handshake failed... even when not using proxy tor nor sasl -- so if no one can help me debug this i'd rather go back to .3? thanks all help BitMessage spake unto us the following wisdom: I'm unable to get Pidgin working with Freenode IRC using SASL/TOR with Pidgin. What version of Pidgin are you using? IRC SASL was not introduced until 2.10.7. I suspect you are using an older version. Ethan ---End Message--- ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: [Fwd: Re: IRC TOR Proxy Settings]
Hi, yes see my earlier reply just now, but .7 is not working well as all with freenode, it is giving all kinds of problems to login, but .3 just worked and worked (but no tor nor sasl of course). But i'd rather have a working pidgin on irc than nothing. now i'm with nothing due to countless errors e.g. incorrect password, e.g. ssl handshake failed... even when not using proxy tor nor sasl -- so if no one can help me debug this i'd rather go back to .3? thanks all help Specify your all kinds of problems and maybe we can fix them. 2.10.3 is a) very old, and b) does not have SASL support. Ethan ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
Matthias Apitz spake unto us the following wisdom: $ echo 'Oj4=puC/8jq' | openssl enc -base64 T2o0PXB1Qy84anEK If your assertion is that someone will remember Oj4=puC/8jq but not T2o0PXB1Qy84anEK, then your argument has descended into the realm of the absurd. To effectively snatch either one they're going to have to either see it for a long time, see it many times, or take some sort of photo/record. Ethan ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
And similarly, if your argument, that all passwords must be difficult to type and must be near impossible to read over the shoulder or else they are REALLY BAD, which in turn makes the user STUPID seems naive and ignorant to any basic practical, efficient, easy to remember methods of memorization. The password: Eth@ngoesoutofh1swaytocr3ategreatpasswords! Is more complex than your example and not subject to a common rainbow attack. In addition, also requires less memorization to retain, since it relies on relational ideas in our of long term memory. To call someone stupid for choosing this password seems a big harsh on a percentage of the population that's going to *better* lengths to secure their data. Stating password1 is stupid is accurate for several reasons, however, does that in turn make all easily retainable passwords stupid as well? I for one tend to choose something closer to a sentence over hard to type and remember character strings? Am I and most people I know doing it wrong? Is there something about passwords WE are naive to? On Aug 25, 2013 12:50 PM, Ethan Blanton e...@pidgin.im wrote: Matthias Apitz spake unto us the following wisdom: $ echo 'Oj4=puC/8jq' | openssl enc -base64 T2o0PXB1Qy84anEK If your assertion is that someone will remember Oj4=puC/8jq but not T2o0PXB1Qy84anEK, then your argument has descended into the realm of the absurd. To effectively snatch either one they're going to have to either see it for a long time, see it many times, or take some sort of photo/record. Ethan ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
El día Sunday, August 25, 2013 a las 12:49:45PM -0400, Ethan Blanton escribió: Matthias Apitz spake unto us the following wisdom: $ echo 'Oj4=puC/8jq' | openssl enc -base64 T2o0PXB1Qy84anEK If your assertion is that someone will remember Oj4=puC/8jq but not T2o0PXB1Qy84anEK, then your argument has descended into the realm of the absurd. To effectively snatch either one they're going to have to either see it for a long time, see it many times, or take some sort of photo/record. I think 'Oj4=puC/8jq' is much easier to memorize due to the fact, that it has 3 groups of 3 chars each: Oj4 puC 8jq, separated by '=' and '/', while the token T2o0PXB1Qy84anEK is much complex to memorize, don't you agree? Btw: I'm fine with storing the pws in clear text in pidgin, because it is a personal computer, and one will not bring them on the screen without knowing why he/she is doing that. matthias -- Matthias Apitz | /\ ASCII Ribbon Campaign: www.asciiribbon.org E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Using Google Talk associated with university domain
I would like to use Pidgin with an email account provided by my university. The email is @virginia.edu but it is powered by gmail and is basically identical to gmail. I would like to use the Google talk/gchat on Pidgin, but I am unsure how to add the account. Any help you could offer would be greatly appreciated. Thanks, Jack ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Using Google Talk associated with university domain
-- Registered Linux User: #480675 Registered Linux Machine: #408606 Linux since June 2005 On Sun, Aug 25, 2013 at 2:27 PM, Jack Blanton jeb...@virginia.edu wrote: I would like to use Pidgin with an email account provided by my university. The email is @virginia.edu but it is powered by gmail and is basically identical to gmail. I would like to use the Google talk/gchat on Pidgin, but I am unsure how to add the account. Any help you could offer would be greatly appreciated. Thanks, Jack ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support Jack, Great a normal gmail account but under username put in the username the university gave you and put in virginia.edu under domain. Wade ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Using Google Talk associated with university domain
Jack, I had success doing this: http://klo2k.wordpress.com/2010/05/02/connecting-to-corporate-business-gmail-chat-im-through-pidgin/ The google search term pidgin corporate gmail seemed to isolate the success stories. Hope this helps. On Aug 25, 2013 3:27 PM, Jack Blanton jeb...@virginia.edu wrote: I would like to use Pidgin with an email account provided by my university. The email is @virginia.edu but it is powered by gmail and is basically identical to gmail. I would like to use the Google talk/gchat on Pidgin, but I am unsure how to add the account. Any help you could offer would be greatly appreciated. Thanks, Jack ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
Tres Finocchiaro spake unto us the following wisdom: And similarly, if your argument, that all passwords must be difficult to type and must be near impossible to read over the shoulder or else they are REALLY BAD, which in turn makes the user STUPID seems naive and ignorant to any basic practical, efficient, easy to remember methods of memorization. I didn't call anyone stupid. Pay attention. Your argument here is still wrong and bogus. The password: Eth@ngoesoutofh1swaytocr3ategreatpasswords! You're not going to be able to memorize this in just a second or two looking over someone's shoulder, either. It's hard to parse English sentences without spacing, your brain is going to replace the changed letters automatically, etc. -- so you're going to have to spend a second to memorize and get it right to use it later. Now, you're correct that the base64 of *that* is much harder to memorize, but ... who cares? What are you protecting against? Now you're just throwing straw men up. I'm going to leave off your whole rant about doing passwords right or wrong. I don't care how you choose your password. If it's a good password, it's going to be hard for a third party to memorize in a glimpse. It's also going to be hard to memorize in base64, but all you've done is tricked naive users into thinking their accounts.xml is safe and letting Mallory stare at it as long as he wants. You're on the losing end of this argument. The right solution to this problem is a password manager, not bogus obfuscation. We're LONG overdue for a password manager, but bickering about base64 on the mailing list isn't going to make that happen. Ethan ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
Re: Fwd: about accounts file
Matthias Apitz spake unto us the following wisdom: I think 'Oj4=puC/8jq' is much easier to memorize due to the fact, that it has 3 groups of 3 chars each: Oj4 puC 8jq, separated by '=' and '/', while the token T2o0PXB1Qy84anEK is much complex to memorize, don't you agree? That's a random accident. The base64 could have been broken up into clusters just as likely as the random string I posted. If you want to exclude all passwords *and* base64s of passwords that might be easily shoulder-surfable based on the mnemonic tricks used by the current observer ... that's a hard problem. Ethan ___ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support
