Clipboard Password Attack

When we use any secure service and copy a password from a password manager like KeepassXC, the password is stored in the OS clipboard manager, unencrypted. Once the password is there, it is susceptible to attack.

On Linux, as far as I understand, all system processes have access to the clipboard and potential access to any temporarily stored password or text.

I do acknowledge that the machine may need to be compromised for such an attack to occur; however, there is also an issue from a malicious browser script that may be able to access the clipboard without the machine being compromised.

The question: is there a way to encrypt the clipboard to prevent such an attack vector? Why, in this day and age, with all the knowledge we have from Wikileaks and Snowden, is the clipboard not encrypted?

Bitwarden has an option to delete passwords from your clipboard.

Sure, so does KeepassXC, but that isn’t really what I mean. I mean, is there a way to have an encrypted clipboard. Just generally, not through a 3rd party app like a password manager.

Well, in Xfce there is an option to show the clipboard, so you can show it and make sure you keep it clean, or make it save nothing, or even get a little GPG key and encrypt it manually. I mean, take what you want to encrypt (text), put it into GPG, encrypt it, then save it to the clipboard.

OR (it might help you like 50%, but yeah)

It’s not exactly the same, but this could prevent an attack like this, I think.

Keyloggers != clipboard attack, but yeah, it’s kind of the same, as you said.

Do you mean Keepass or KeepassXC? I checked KeepassXC and can’t see the security setting you mention here.

Sadly, no solution to keyloggers, but as much as possible I would still like to have my clipboard encrypted by default when I log in.

I was thinking something like: you log in with your un/pw, and this pw automatically encrypts the clipboard for that session.

Someone should write a script for this.

I just checked for both forks and none of those options is available, maybe he was using Windows?

I found this article about how the “clipboard” functions.

Did I hear script? :joy:

It’s just unclear what exactly you want: encrypt it with your own password, or end to end, or what? Also, maybe that idea will be possible. I mean, I already worked on a project that encrypts data before sending it to a database (in JS, though), but who knows, maybe I can do the same in Python!

He wants a way to encrypt whatever is copied on his clipboard, because at that time the password is unencrypted.

This, exactly this.

Using a program/script that is loaded on startup, and uses your user login password for the PGP encryption/decryption function. The idea is that this small program is obscured, you don’t need to think about it, it just works as a background process automatically encrypting everything that is copied to and from the clipboard.

Example: I copy text from a document, then paste into a web browser email window -> the plaintext of the doc on my machine is copied, encrypted, and then upon paste, decrypted again.

Why would we need this? Simply because of the security threats we may not know about. Anything copied to the clipboard is able to be accessed by any process running on your system (talking Linux here) and thus, a malicious script in your browser could access your email login password/un or any other data (I think this is possible).

To prevent this snooping -> encrypted clipboard.

I don’t know and maybe I’m wrong, but I think that encrypting whatever you copy/paste may make things a bit slower, so I think a special right click with some option like “copy encrypted text” would be better. Still, there’s no such thing so I’m just daydreaming.

I found something like what I’m after, but not exactly.

I tried installing it, didn’t work. Maybe it needs to be forked and modified to do what I want.

Nah, it will be like a script to catch the word before it goes to the clipboard, then encrypt it with a password already saved and hashed on the PC, so whenever he pastes it back… wait, I have no idea how to make the script. Ideas? lol

Give me info on how the script works and I will try to play with Python, but give me easy words, I’m not native.

EDIT: I guess those will help.

Sorry, I’m not a programmer, but the openpgp-applet is almost what I want; the only thing that needs to be changed is that the login user password is also the encryption key AND that it works from login automatically.

One of the results that @esmailelbob showed in the GH search encrypts the clipboard, but it’s still under development and it also maintains a history of your clipboard so you can check it later. I filed an issue to see if there could be an option for this to be disabled.

Is the openpgp-applet only available on Tails?

No, you can install it from the repo or compile it from source.

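As an added example (not code from any poster or from the projects mentioned in this thread): the encrypt-on-copy, decrypt-on-paste idea discussed above, in Python. `MemoryClipboard`, `secure_copy` and `secure_paste` are hypothetical names; the in-memory clipboard is a constructed stand-in for the OS clipboard, and the HMAC-based stream cipher is a standard-library stand-in for the GPG encryption suggested in the thread.

```python
import base64, hashlib, hmac, os

class MemoryClipboard:
    """Constructed stand-in for the OS clipboard so the example runs offline."""
    def __init__(self):
        self.data = ""
    def set(self, text):
        self.data = text
    def get(self):
        return self.data

def _keys(passphrase, salt):
    # One slow KDF call, split into an encryption key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return k[:32], k[32:]

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode (assumption: stdlib-only substitute for GPG/AEAD).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def secure_copy(clip, text, passphrase):
    # Encrypt-then-MAC; only salt + nonce + ciphertext + tag reach the clipboard.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    data = text.encode()
    ct = _xor(data, _keystream(enc_key, nonce, len(data)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    clip.set(base64.b64encode(salt + nonce + ct + tag).decode())

def secure_paste(clip, passphrase):
    # Verify the tag before decrypting; reject anything not written by secure_copy.
    blob = base64.b64decode(clip.get(), validate=True)  # ValueError if not base64
    if len(blob) < 64:
        raise ValueError("clipboard does not hold an encrypted entry")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified clipboard contents")
    return _xor(ct, _keystream(enc_key, nonce, len(ct))).decode()
```

A process that reads the clipboard sees only the base64 blob; the plaintext exists only inside whatever calls `secure_paste` with the passphrase.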