Pidgin Master Password
This is a Pidgin plugin that stores account passwords encrypted by a master password.
Table of contents
- Security Considerations
- Encryption details
- Building from source
During login the account passwords must be sent to Pidgin/libpurple unencrypted. From there a malicious third-party plugin can collect them quite easily. This is a limitation of libpurple which all password manager and keyring plugins suffer from.
Installation on Windows
Download the ZIP file from the latest release and extract the contents of
pidgin-master-password either to the installation directory of Pidgin
(C:\Program Files\Pidgin) or to your .purple user directory
Installation on Linux
If your distribution has the plugin in its repository you can use that. Otherwise you must build the plugin from source.
Installation on MacOS
All operations are done with high-level libsodium functions so that best practices are in place and will be updated with the library.
- From the master password a master key is derived using the Argon2
algorithm which is designed to be slow and memory-consuming in order to
prevent brute-force attacks. The security level choice corresponds to the
crypto_pwhash_MEMLIMIT_* constants of libsodium.
- This master key is used to encrypt the account passwords with XChaCha20-Poly1305. This algorithm is as secure as AES256-GCM but harder to mess up.
- To verify the master password a hash of the master key is stored.
- The master key is protected in memory as well as possible by using libsodium's guarded heap allocations.
Building from source
Building on Windows
In order to build the plugin for Windows an already-compiled source tree of
Pidgin is required. Please see the Pidgin for Windows Build Instructions
for details. Note that you must install
Strawberry Perl as it is optional
for Pidgin but not for this plugin. The pidgin-windev script does all
Additionally you need to download libsodium-1.0.18-mingw.tar.gz and
extract it into
win32-dev/libsodium-1.0.18-mingw (the subdirectory must be
After that you need to create a file named
local.mak that points to the
Pidgin source tree, e.g.:
Now you can build the plugin:
make -f Makefile.mingw
Building on Linux
To install the plugin on Linux you need to extract a release tarball and compile it from source:
sudo apt install pidgin-dev libsodium-dev
./configure
make
sudo make install
Note: By default the plugin will be installed to
/usr/local. If you
installed Pidgin through your package manager, it is most likely installed into
which pidgin returns
./configure --prefix=/usr in this case.
Note: When you use the repository directly or one of those auto-generated
"Source code" archives, you need to run
./autogen.sh before running
Building on MacOS
For building on MacOS, Homebrew must be installed on the system. To build the plugin you need to extract a release tarball and compile it from source:
Install runtime and build dependencies:
brew install pidgin libsodium
brew install intltool automake libtool pkg-config
libffi are not installed system-wide so we must point the build system to the correct paths:
export PATH="/usr/local/opt/gettext/bin:$PATH"
export LDFLAGS="-L/usr/local/opt/gettext/lib"
export CPPFLAGS="-I/usr/local/opt/gettext/include"
export ACLOCAL_PATH="/usr/local/opt/gettext/share/aclocal"
export PKG_CONFIG_PATH="/usr/local/opt/libffi/lib/pkgconfig"
This must be done in every new shell session. Therefore I normally put those in an
environment file which I then load with
Configure, compile and install:
./configure
make
make install
We love patches.
You could also help translate this project on Transifex.