James Monroe wrote:
> Just a heads up your program stored all my passwords (for pidgin) in
> plain txt in a file in the .purple directory.

The developers believe that anything else would give a false sense of
security. http://developer.pidgin.im/wiki/PlainTextPasswords

> Needless to say I uninstalled and will never use again. Please fix this
> for the thousands of other people who don't know to check.
> Lines like ( user name: "actual user name")
> ( user password: " actual password!!")
> should not be appearing in professional programs unless you're writing
> them for nefarious purposes. hash/md5 or something for the love of all
> things

Hashing the passwords would make them unusable. Any saved password
needs to be convertible to a form that is a valid credential for the
target service. A one way function would make it unusable for that.
Reversible encryption by an open source program would be trivially
breakable, unless you insisted on a master key that had to be entered
every time the program was started.
--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
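
The three storage options discussed in the reply above, as an added example that is not part of the original thread and is not Pidgin's code. The names, the sample password and the key string are constructed, and the HMAC counter-mode cipher is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os

ACCOUNT_PASSWORD = "correct horse battery"   # constructed sample credential
BUILTIN_KEY = "key-shipped-in-source"        # hypothetical key readable in public source

def _keys(secret, salt):
    # Slow KDF so guessing a master passphrase is expensive; split into enc/MAC keys.
    k = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # Stdlib-only stand-in for a real cipher: HMAC-SHA256 in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(secret, password):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(secret, salt)
    ct = _xor_stream(enc_key, nonce, password.encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(secret, blob):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(secret, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret or corrupted store")
    return _xor_stream(enc_key, nonce, ct).decode()

def server_login(sent):
    # Constructed stand-in for the IM service, which expects the password itself.
    return hmac.compare_digest(sent.encode(), ACCOUNT_PASSWORD.encode())

def demo():
    hashed = hashlib.sha256(ACCOUNT_PASSWORD.encode()).hexdigest()
    fixed = seal(BUILTIN_KEY, ACCOUNT_PASSWORD)
    guarded = seal("typed at startup", ACCOUNT_PASSWORD)
    try:
        unseal("wrong guess", guarded)
        wrong_opens = True
    except ValueError:
        wrong_opens = False
    return {"hash_logs_in": server_login(hashed),
            "source_key_recovers": unseal(BUILTIN_KEY, fixed) == ACCOUNT_PASSWORD,
            "master_logs_in": server_login(unseal("typed at startup", guarded)),
            "wrong_master_opens": wrong_opens}
```

`demo()` reports that the stored hash cannot log in, that a key shipped in the source recovers the password for anyone holding the file, and that only the passphrase entered at startup opens the guarded copy.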
_______________________________________________
Support@pidgin.im mailing list