5

So I've been using truecrypt for several years now. About 6 months ago, before I learned off my password (it was really long and I didn't want it vulnerable to word-lists), I used to copy and paste it from a text file.

I don't have swap space enabled, but I was wondering: would my password be recoverable? I used srm on the text-file and I did an sfill on the file-system, so that should remove it from the file-system. Does anyone know if the clipboard is stored on the hard disk or in the RAM? Any thoughts?

Videonauth
  • 33,815

2 Answers

3

After seeing the curious post I decided to do a little research. It appears that in any windowing system (e.g. X Windows, etc.) you have a common space that holds the contents of the clipboard. As such, it is available to any program that can pull from the clipboard. As such, I would expect the clipboard to be just as insecure as any other input device, with the caveat being that it is going to be worse than, say, a keyboard. For example, suppose malware was installed on your computer that could read your keystrokes: anything you type would be insecure. I see no reason some other malware couldn't just access the clipboard periodically to check for contents. While that would be a decidedly less efficient way of swiping your password, it could get at your bits and bytes.

https://github.com/astrand/xclip/blob/master/README

https://en.wikipedia.org/wiki/X_Window_selection

I am no expert on this stuff so I welcome anyone else's better answer. Just about everything I said above is quite speculative.

buzzlms
  • 39
0

The clipboard seems readable by any program, so as long as you trust your OS & programs it should be safe enough - KeePass uses the clipboard, I think LastPass does too? If you're running malware you're already "hooped."

But I don't think the clipboard is routinely written to a file (unless you run a clipboard manager / saving program like ClipMan) but there are a lot of different desktops... I think XFCE & Gnome / Unity don't.

The far greater security risk is saving your passphrase to a plain text file in the first place. Should've used a program like KeePass or LastPass, or piped an echo to gpg & saved it encrypted, then only decrypted to screen/console or extracted to RAM (ramfs, or tmpfs if no swap - fun fact: tmpfs can be swapped).

shred isn't guaranteed to overwrite a file, and I wouldn't expect srm to be better. And on flash memory (SSD, USB pendrive, etc) any sector can be internally remapped at any time, even filling the whole drive you may never be sure anything is truly overwritten.

Xen2050
  • 8,943
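The workflow the second answer sketches (keep the passphrase gpg-encrypted, decrypt it only into memory, and check for swap first because tmpfs and process memory can be paged out), as an added example that is not from the question or either answer. It assumes gpg, xclip and a running X session; the passphrase is read from the terminal rather than echoed so it never lands in shell history, and the file name and timeout are placeholders.

```shell
#!/bin/sh
# Added example: passphrase lives only in a gpg-encrypted file, is decrypted
# straight into the X CLIPBOARD selection with xclip (never onto disk), and
# the selection is overwritten after a short timeout.
# Assumptions: gpg and xclip installed, DISPLAY set; names are placeholders.

SECRET_FILE="${SECRET_FILE:-$HOME/.truecrypt-pass.gpg}"   # constructed name
HOLD_SECONDS="${HOLD_SECONDS:-15}"

# Return 0 (true) if any swap area is listed in a /proc/swaps-style file.
# Argument: path to the file (defaults to /proc/swaps). The first line is a
# header, so more than one line means at least one active swap area.
swap_active() {
    f="${1:-/proc/swaps}"
    [ -r "$f" ] || return 1
    n=$(wc -l < "$f" | tr -d ' ')
    [ "$n" -gt 1 ]
}

# Encrypt once. The passphrase is read from the tty with echo off, so it
# appears neither on screen nor in shell history, and reaches gpg via a pipe.
store_secret() {
    printf 'Passphrase to store: '
    stty -echo; IFS= read -r p; stty echo; printf '\n'
    printf '%s' "$p" | gpg --symmetric --armor --output "$SECRET_FILE"
    unset p
}

# Decrypt into the clipboard for a bounded time, then replace it with
# empty content (assumes xclip accepts empty input on stdin).
paste_secret() {
    if swap_active; then
        echo "warning: swap is active; decrypted data could be paged out" >&2
    fi
    gpg --quiet --decrypt "$SECRET_FILE" | xclip -selection clipboard -in
    # xclip forks and keeps owning the selection; overwrite it after the
    # window has passed so a later paste (or a polling program) gets nothing.
    ( sleep "$HOLD_SECONDS"; xclip -selection clipboard -in </dev/null ) &
}

case "${1:-}" in
    store) store_secret ;;
    paste) paste_secret ;;
    *) echo "usage: $0 store|paste" >&2 ;;
esac
```

Run `store` once, then `paste` each time the passphrase is needed; the clipboard is cleared after HOLD_SECONDS whether or not it was pasted.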