[Nottingham] gpgpwd - keeping a commandline passwords list
James Moore
jmthelostpacket at googlemail.com
Mon Jun 18 21:40:34 UTC 2012
On 18/06/2012 20:25, Mike Cardwell wrote:
> On 18/06/12 20:15, Paul Tew wrote:
>
>> Here's my take on this from a forensic analyst's point of view...
>>
>> * stored on clipboard = stored on disk (probability high)
>> * clipboard entry stored for 10 seconds and then deleted = recoverable
>>
>> The safest option is to make sure your underlying filesystem is
>> encrypted - I use the LUKS extensions to cryptsetup
> I don't think that the clipboard is ever synced to disk... Unless
> you're thinking of swap? Anyway, I already use full disk encryption
> and don't have a swap partition so I should be ok.
>
FDE works on the swap partition as well (as long as it's on the same LVM
stack or physical disk as the root partition). Apart from that, in my
experience you can encrypt the swap partition in Windows 7 with no third
party software, but I prefer to use something like TrueCrypt and give it
the whole brick. Triple cascade, 256-bit AES-Twofish-Serpent using XTS
method and Whirlpool hash. With the passphrase I use on my netbook,
that's 6.8x10^144 P90-years of brute-force strong, there is no recovery
disc (deliberately) and the only place the passphrase exists is in my head.
The (Windows) clipboard cache is usually in a reserved space in RAM,
though it is treated like any other part of the RAM subsystem and cached
to disk on occasion, such as when the system runs out of memory. Most
word processors (read: typesetters) create temporary files when there is
something in the clipboard cache, which contain a format-compatible copy
of whatever's in the clipboard. All this does is speed up the pasting
process (though with the speed of systems these days it's a bit
redundant I think so it's a "feature" that should be deprecated for
security's sake).
On topic, I can't quite see the logic in encrypting just one or two
files, particularly on a portable system, rather than locking the entire
disk so without the proper credentials there is no way whatsoever to
gain any useful information. Maybe it's just me.
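The thread's point that full-disk encryption only protects swap when the swap volume sits under the same encrypted mapping can be checked on a Linux box from the block-device tree. The script below is an added example, not code from anyone on the list: it parses `lsblk --json -o NAME,TYPE,MOUNTPOINT` output (a real util-linux option, assumed available) and reports every swap device together with whether a `crypt` node (a dm-crypt/LUKS mapping such as cryptsetup creates) lies anywhere above it. The embedded JSON is a constructed sample with one LUKS-backed LVM swap and one plain swap partition on a second disk.

```python
import json
import subprocess
import sys

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output.
# sda: /boot in clear, root and swap as LVM volumes on top of a LUKS mapping.
# sdb: a plain, unencrypted swap partition (the case the thread warns about).
SAMPLE_LSBLK_JSON = """
{
  "blockdevices": [
    {"name": "sda", "type": "disk", "mountpoint": null, "children": [
      {"name": "sda1", "type": "part", "mountpoint": "/boot"},
      {"name": "sda2", "type": "part", "mountpoint": null, "children": [
        {"name": "sda2_crypt", "type": "crypt", "mountpoint": null, "children": [
          {"name": "vg0-root", "type": "lvm", "mountpoint": "/"},
          {"name": "vg0-swap", "type": "lvm", "mountpoint": "[SWAP]"}
        ]}
      ]}
    ]},
    {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
      {"name": "sdb1", "type": "part", "mountpoint": "[SWAP]"}
    ]}
  ]
}
"""


def _walk(node, under_crypt, path, out):
    """Depth-first walk; 'under_crypt' is True once any ancestor is a crypt mapping."""
    here = under_crypt or node.get("type") == "crypt"
    path = path + [node["name"]]
    if (node.get("mountpoint") or "") == "[SWAP]":
        out.append({"device": node["name"], "encrypted": here, "path": "/".join(path)})
    for child in node.get("children", []) or []:
        _walk(child, here, path, out)


def swap_devices(lsblk_json):
    """Return every active swap device with its ancestry and encryption status."""
    tree = json.loads(lsblk_json)
    out = []
    for dev in tree["blockdevices"]:
        _walk(dev, False, [], out)
    return out


def unencrypted_swap(lsblk_json):
    """Names of swap devices that have no dm-crypt mapping above them."""
    return [d["device"] for d in swap_devices(lsblk_json) if not d["encrypted"]]


def live_lsblk():
    """Collect the real tree; assumes util-linux lsblk with --json support."""
    return subprocess.run(
        ["lsblk", "--json", "-o", "NAME,TYPE,MOUNTPOINT"],
        capture_output=True, text=True, check=True,
    ).stdout


if __name__ == "__main__":
    # Run against the live system with --live, otherwise against the sample.
    data = live_lsblk() if sys.argv[1:] == ["--live"] else SAMPLE_LSBLK_JSON
    for d in swap_devices(data):
        state = "encrypted" if d["encrypted"] else "NOT encrypted"
        print(f"{d['path']}: {state}")
    bad = unencrypted_swap(data)
    print("unencrypted swap:", bad or "none")
```

On the sample, `vg0-swap` is reported as encrypted because `sda2_crypt` sits above it, while `sdb1` is flagged; a swap file (as opposed to a swap device) does not appear in `lsblk` and would need a separate check of `/proc/swaps` against the filesystem it lives on.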