Yonatan Amir wrote:
This recent FireSheep business got me wondering - does Pidgin authenticate the MSN protocol with encryption? I use Pidgin on an unencrypted wireless network at school, and I'm worried about some bored individual capturing my credentials. I couldn't find any information that would be useful to me.

Looking at some slightly dated source code, it seems to use the Windows Live ID authentication protocol, which may well be dictated by Microsoft. This seems to at least use hashing. I didn't notice any session key negotiation, so I would suspect that it is vulnerable to dictionary attacks, so you should choose a strong password.

This is based on looking at the code for not much more than 5 minutes, so there might be stronger encryption that I have missed.

--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

_______________________________________________
Support@pidgin.im mailing list