raoergsls / miranda

Automatically exported from code.google.com/p/miranda
0 stars 1 forks source link

master password function to protect account passwords #1196

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
There currently is no modern way to encrypt the stored passwords let alone the 
database in miranda. Secure VirtDB was last updated in June of 2006 and mmap_sa 
was last touched in June of 2008. After these many years who can feel 
comfortable with these solutions considering sizable role in the function of 
miranda. 

I understand the prospective of the Pidgin group 
(http://developer.pidgin.im/wiki/PlainTextPasswords) and others that you should 
not store sensitive passwords in a system like this but with so many services 
using single sign on (gmail and most company's for instance) use the same 
password for many services and its not super practical to type 8 or so account 
passwords every time you open miranda. The need is stronger for users like my 
self that store their configs in services like Dropbox. 

Please consider offering just a basic profile master password function like 
Firefox/Thunderbird which unlocks the individual account passwords. 

Original issue reported on code.google.com by VictusVerto@gmail.com on 8 Dec 2010 at 12:18

GoogleCodeExporter commented 9 years ago

Original comment by sami%mir...@gtempaccount.com on 8 Dec 2010 at 7:42

GoogleCodeExporter commented 9 years ago
We will not add true encryption to Miranda core as there are legal issues with 
that - Government source code reviews, compliance with embargo's, etc. 

Although this year it seems this requirement was lifted for encryption used for 
authentication purposes. Maybe we can pass password encryption, as such. The 
other option is to use low grade encryption (< 56 bits).

What 3rd party plugin developers are doing and compliance method they choose to 
use is their issue.

Original comment by borkra on 16 Dec 2010 at 2:02

GoogleCodeExporter commented 9 years ago
I think simple password encryption would be a big win and I would strongly 
encourage the Miranda team to consider that option. I think that is 90% of the 
way to whats needed at 10% of the cost.

Original comment by VictusVerto@gmail.com on 12 Jan 2011 at 4:58

GoogleCodeExporter commented 9 years ago
It would be nice to permit to connect an external password manager such as 
Keepass for example (thru the plugin mechanism if it's possible) : Miranda 
delegates password storing to another tool (no legal issues).

Original comment by cgir...@dsirc.net on 26 Aug 2011 at 1:28