Plaintext passwords in Gaim

Adam Conrad adconrad at ubuntu.com
Fri Dec 15 05:38:21 UTC 2006


Anthony Yarusso wrote:
> I noticed quite some time ago that gaim stores account passwords in
> plaintext (~/.gaim/accounts.xml).  Is there any way around this?
> Digest-style authentication of some sort?

~/.gaim isn't world-readable, so it's safe from prying eyes of other
users on your system.

As for rogue applications running as YOU and stealing the passwords, I'm
not sure how garbling the passwords would help.  GAIM would still need
to ungarble them to send them over the wire, so the (very simple)
algorithm to do that would obviously be public.  Having them unreadable
may give you a false sense of security, but I could still read them
anyway, so you would have gained nothing.

... Adam




More information about the ubuntu-users mailing list