Encryption: Change The Way Gaim/Pidgin Store Passwords

For as long as Gaim has been in existence, the passwords you store are in plain text. All can be found in in ~/.gaim/accounts.xml. If you’re on Windows, it might be in your user’s local settings. This can pose as a security risk if you’ve accidentally installed malware, or even have someone snooping around. Gaim’s (now pidgin) makers are fully aware of the problem, but don’t see it as a huge risk. In fact in their F.A.Q they show a clear bias towards Linux, and cite that as the reason they see no need to change the current system. However, if you’re a password freak, then there are some options.

There is a plugin to encrypt gaim passwords. It’s a safe means of password storage and can be installed fairly easily. It operates on the same basic principles Firefox uses to store their passwords. It encrypts them and sets a master password to access them. In fact they even claim to use the same type of encryption as Firefox. According to their site the master password is stored in memory, thus preventing malware programs from ever accessing it. There are of course rare instances where a program can attatch itself to Pidgin and read its memory.

This plugin will work on Windows operating systems, as well as GNU/Linux.