Yes, but hiding it still has a purpose. Imagine this: - you open the config file in editor (for whatever purpose) - someone walks by and sees your stored password
A good and simple way to avoid this is: - pidgin creates a secret key and stores it by itself into a file - all stored passwords are encrypted in the config file(s) with this key This prevents the above scenario. And works. Regards, David > -----Original Message----- > From: Etan Reisner [mailto:[EMAIL PROTECTED] > Sent: Monday, March 17, 2008 4:25 PM > To: Venkatasamy,Venkat > Cc: Peter Robev; David Balazic; [email protected] > Subject: Re: Password encryption > > On Mon, Mar 17, 2008 at 07:57:14AM -0400, Venkatasamy,Venkat wrote: > <snip> > > i would like to hash the password so it should not be > visible even to > > the user who stores the password. > > Hashing the password doesn't make it not visible to people, > it just makes > the hash visible instead of the plaintext version, but the > hashed version > is good enough to log in to the account anyway. You would just need to > stick it into your own copy of pidgin's accounts.xml file on > your local > machine and click Enable. Similarly, it is trivial to modify pidgin to > print out the unhashed version of the password instead of > using it (or to > rip out the unhashing code from pidgin and run it yourself). > > -Etan > _______________________________________________ Support mailing list [email protected] http://pidgin.im/cgi-bin/mailman/listinfo/support
