This is a Pidgin plugin that stores account passwords encrypted by a master password.
If you find security relates issues please send a private (possibly PGP encrypted) e-mail to kgraefe@paktolos.net.
During login the account passwords must be sent to Pidgin/libpuple unencrypted. From there a malicious third-party plugin can collect them quite easily. This is a limitation of libpurple which all password manager and keyring plugins suffer from.
Download the ZIP file from the latest release and extract the contents of
pidgin-master-password either to the installation directory of Pidgin
(typically C:\Program Files\Pidgin) or to your .purple user directory
(typically %APPDATA%\Roaming\.purple).
Optionally: If you use a password manager's auto-type function to fill in the
master password you may need to update Gtk+ as the version shipped with Pidgin
does not allow that. Simply extract
gtk+-bundle_2.24.10-20120208_win32.zip (SHA256
f5ce173f50690c2dc7fa91b9b5c80c7422cde3ee23610b53e0929557dd8ee67e) into the
Gtk directory in Pidgin's installation directory (e.g. C:\Program Files (x86)\Pidgin\Gtk).
If your distribution has the plugin in its repository you can use that. Otherwise you must build the plugin from source.
On MacOS this plugin is tested on Pidgin installed through Homebrew only. Use my pidgin-plugins brew tab to install it.
All operations are done with high-level libsodium functions so that best practices are in place and will be updated with the library.
- From the master password a master key is derived using the Argon2
algorithm which is designed to be slow and memory-consuming in order to
prevent brute-force attacks. The security level choice corresponds to the
crypto_pwhash_OPSLIMIT_*andcrypto_pwhash_MEMLIMIT_*constants of libsodium. - This master key is used to encrypt the account passwords with XChaCha20-Poly1305. This algorithm is equally secure as AES256-GCM but harder to mess up.
- To verify the master password a hash of the master key is stored.
- The master key is protected in memory as good as possible by using libsodium's Guarded heap allocations.
In order to build the plugin for Windows an already-compiled source tree of
Pidgin is required. Please see the Pidgin for Windows Build Instructions
for details. Note that you must install Strawberry Perl as it is optional
for Pidgin but not for this plugin. The pidgin-windev script does all
that.
Additionally you need to download libsodium-1.0.18-mingw.tar.gz and
extract it into win32-dev/libsodium-1.0.18-mingw (the subdirectory must be
created).
After that you need to create a file named local.mak that points to the
Pidgin source tree, e.g.:
PIDGIN_TREE_TOP=$(PLUGIN_TOP)/../../pidgin-2.12.0
Now you can build the plugin:
make -f Makefile.mingw
To install the plugin on Linux you need to extract a release tarball and compile it from source:
sudo apt install pidgin-dev libsodium-dev
./configure
make
sudo make install
Note: By default the plugin will be installed to /usr/local. If you
installed Pidgin through your package manager, it is most likely installed into
/usr (i.e. which pidgin returns /usr/bin/pidgin). Use ./configure --prefix=/usr in this case.
Note: When you use the repository directly or one of those auto-generated
"Source code" archives, you need to run ./autogen.sh before running
./configure.
For building on MacOS Homebrew must be installed on the system. To build the plugin you need to extract a relase tarball and compile it from source:
-
Install runtime and build dependencies:
brew install pidgin libsodium brew install intltool automake libtool pkg-config -
In Homebrew
gettextandlibffiare not installed system-wide so we must point the build system to the correct paths:export PATH="/usr/local/opt/gettext/bin:$PATH" export LDFLAGS="-L/usr/local/opt/gettext/lib" export CPPFLAGS="-I/usr/local/opt/gettext/include" export ACLOCAL_PATH="/usr/local/opt/gettext/share/aclocal" export PKG_CONFIG_PATH="/usr/local/opt/libffi/lib/pkgconfig"This must be done in every new shell session. Therefore I normally put those in an
environmentfile which I then load withsource environment. -
Configure, compile and install:
./configure make make install
We love patches. ❤️ Please fork the project, do your changes and make a pull request.
You could also help translating this project on Transifex.