Encryption: Change The Way Gaim/Pidgin Store Passwords
May 24th, 2007 - By: Alex Bailey

For as long as Gaim has existed, it has stored your passwords in plain text. They can all be found in ~/.gaim/accounts.xml. If you're on Windows, it might be in your user's local settings. This can pose a security risk if you've accidentally installed malware, or if someone is snooping around. The makers of Gaim (now Pidgin) are fully aware of the problem, but don't see it as a huge risk. In fact, in their F.A.Q. they show a clear bias towards Linux, and cite that as the reason they see no need to change the current system. However, if you're a password freak, then there are some options.

There is a plugin to encrypt Gaim passwords. It's a safe means of password storage and can be installed fairly easily. It operates on the same basic principles Firefox uses to store its passwords: it encrypts them and sets a master password to access them. In fact, they even claim to use the same type of encryption as Firefox. According to their site, the master password is stored in memory, thus preventing malware programs from ever accessing it. There are, of course, rare instances where a program can attach itself to Pidgin and read its memory.

This plugin will work on Windows operating systems, as well as GNU/Linux.











1. raj | March 25th, 2008 @ 9:19 AM |
+0
Thanks for pointing this out. Sad that even in this day and age, we trust idiot developers who couldn't care less about our security.