Pidgin Password Encryption

( introduction | download | screenshots | details )

Password Encryption for Pidgin

^ Introduction ^

This patch was written some time ago to add to Gaim the facility of setting a 'master password' which is used to encrypt all the saved passwords before writing them to disk. Without this patch, ~/.pidgin/accounts.xml stores the passwords in plain text. Since that time, Gaim changed its name to Pidgin, and the code base has moved on. The patch probably no longer applies cleanly.

This FAQ entry explains why Pidgin currently doesn't offer password encryption, and offers 4 possible approaches that can be taken. The patch provided here implements something like approach 1, but without prompting for the master password every time it is needed.

The master password is held in memory while Pidgin is running, meaning it can be stolen if the attacker is able to attach to the Pidgin process with a debugger. My main concern is that the passwords aren't stealable while Pidgin isn't running. I run Pidgin from a USB thumb drive which I carry with me, and this patch means that I can store my passwords without worrying about them being stolen if I lose the thumb drive.

^ Download ^

Download the patch here: master-password.patch

The patch was made against the svn code, revision 18188.

Windows installers are also available:

with GTK bundled (10.4MB):
gaim-2.0.0-svn.exe
without GTK bundled (5.23MB):
gaim-2.0.0-svn-no-gtk.exe

^ Screenshots ^

initially, passwords are stored unencrypted, as before; to enable encryption, set a master password from the 'security' tab of the preferences:

specify the master password twice and click OK to set it; all currently stored passwords will be encrypted in the accounts.xml file:

the next time Pidgin is run a prompt will request the master password; the buddy list will remain empty until it is typed:

when the master password has been entered correctly, accounts set to auto-logon will start connecting:

once set, the master password can be changed or cleared using the security tab of the preferences:

to change the master password, the current master password must be entered:

if the master password has been forgotten, there is the option of clearing it, and deleting all encrypted passwords:

^ Details ^

Passwords are encrypted using the mozilla NSS library which pidgin already ships with. The encryption is done using the AES algorithm and a 256 bit key. Passwords are padded before encryption to 20 characters if they are originally shorter than that. This prevents an attacker from spotting short weak passwords by checking the length of the encrypted passwords in the accounts.xml file.

Where previously accounts.xml may have looked like this:

<protocol>prpl-jabber</protocol>
<name>dooglus@gmail.com</name>
<password>pa$$word</password>

It will now look like this, if a master password has been set:

<protocol>prpl-jabber</protocol>
<name>dooglus@gmail.com</name>
<encrypted_password>ec651d4ec001beef48b3c50824823a7c0c
  95b6befa080b24347197dec2fb5692878c39be314156ea202eb1
  a926535897</encrypted_password>

dooglus > pidgin patches