El día Wednesday, September 28, 2011 a las 05:15:18AM -0500, Kevin Stange escribió:
> On 09/28/2011 05:02 AM, James Monroe wrote: > > Just a heads up your program stored all my passwords (for pidgin) in > > plain txt in a file in the .purple directory. > > We are, of course, aware of this. Please read: > > http://developer.pidgin.im/wiki/PlainTextPasswords > > > them for nefarious purposes. hash/md5 or something for the love of all > > things > > holy. > > If we hash your username and password, we can only submit the hashes > back to the server because hashes cannot be transformed back to original > values. This means: > > 1) If the server accepts them, the hashes are still plain-text login info > 2) You cannot login. > > What purpose would that serve? Hello Kevin, Maybe we could use GPG to crypt and store the clear text pw and the user needs a passphrase to unlock the storage, i.e. decrypt it with GPG again. Thanks matthias -- Matthias Apitz t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e <g...@unixarea.de> - w http://www.unixarea.de/ _______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: http://pidgin.im/cgi-bin/mailman/listinfo/support