[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Weechat-dev] [task #7395] Passwords, aliases and.. encryption?

From: Claudio M. Alessi
Subject: [Weechat-dev] [task #7395] Passwords, aliases and.. encryption?
Date: Fri, 19 Oct 2007 09:25:40 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20070723 Iceweasel/ (Debian-


                 Summary: Passwords, aliases and.. encryption?
                 Project: Wee Enhanced Environment for Chat
            Submitted by: smoppy
            Submitted on: Friday 10/19/2007 at 09:25
                Category: configuration file
         Should Start On: Friday 10/19/2007 at 00:00
   Should be Finished on: Wednesday 11/14/2007 at 00:00
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                IRC nick: claudio`



I was playing a bit with the WeeChat aliases and i was wondering if would be
useful to have encrypted passwords. The answer is yes, to me. Clean passwords
are *never* a good thing, even if decryption is needed before send them. Also
i have to power off my monitor before run the "/alias" command in order to
hide my passwords from some alias i made (we won't presents our passwords to
spy users, right? :-)).

Another thing i think can be used is a new server-specified option which
include the password, possibly crypted (maybe with crypt(3) or encrypt(3)).
This can be accessed by providing a global variable (at least for the server
options and aliases). This approach can improve a bit the password management
on WeeChat since we only have to set the password (crypted) in one place and
then use the global variable to put it everywhere in the configuration. As
example, suppose the global variable is called "$svrpwd", the *_server_command
value may change from:

   "/msg NickServ identify MyCleanPassword"

   to a simple and "unspyable"

   "/msg NickServ identify $svrpwd"

Now suppose we have to write the aliases "/ghost" and "/idchans". The 1st
which kill the ghost, change the nick and identify us again into the server,
the 2nd which identify us into every channel we are in list. Without encrypted
password (and consequently without $svrpwd global variable) the only way to do
this (exluding plugins) is to do something like this:

   "/alias GHOST /msg NickServ ghost MyNickName MyPassword ; /nick MyNickName
; /msg NickServ identify MyPassword"
   "/alias IDCHANS /msg ChanServ identify #MyChan1 MyPassword ; /msg ChanServ
identify #MyChan2 Mypassword ; .. ; and so on"

This way, everytime you get the aliases list by typing "/alias", everyone
hiding behind you (:D) can read your passwords.. easily.

This why i propose to add on WeeChat the following:

   o Server option *_server_password_crypted;
   o A global variable containing the value of the
     this options (the crypted password)

It's implicit that the password have to be decrypted before use.

If you think a plugin can be a better solution, just ignore this item.
However such feature should be provided with the WeeChat core or with a
compilation option like "--encrypted-passwords" (which i don't like, really),
i think.

PS: sorry for my english and THX to provide us a good software as  WeeChat

Claudio M.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]