1

I want to generate a very safe password with gpg with 24+ characters. As it would be very cumbersome to write down the output, I was wondering if there is a way to copy it to the clipboard without leaving any trace, i.e. without any potential attacker being able to retrieve that information. In that same vein, is there a way to retrieve command line outputs by an attacker and, if so, is there a way to thwart these attempts ?

Reacting to the admittedly poignant and relevant criticisms in the comment section, I rephrase the question like this:

I want to find a way to secure my every move digitally. I figured that the best way to this is to generate secure passwords and to administer them in password managers. However, the longer the password and the more one has of them, the more burdensome it gets to copy them manually. But if after generating them on the command line and copying them to the clipboard, an attacker can get hold of them by simply installing a clipboard history manager, the whole point of doing this is moot. So the question really is how to safely generate passwords and transfer them to a manager without exposing oneself to this kind of danger.

Paul Rousseau
  • 167
  • I use keepassx for such passwords. it deletes the entry from the clipboard after a while. – Bruni Jun 10 '20 at 12:44
  • In my opinion, it is in the same vein: How to be as safe as possible even if the attacker gains access, e.g. through ssh. – Paul Rousseau Jun 10 '20 at 12:56
  • This question aims at making your system safe, even in that event. – Paul Rousseau Jun 10 '20 at 12:57
  • AskUbuntu works best when you ask a single answerable question. I'm seeing at least three questions here, one of which has an existing answer already. Which one do you want us to answer? Are you doing some kind of basic security research? Your credential question seems like a chicken-and-egg problem: How does an attacker steal credentials using ssh before penetrating the system? – user535733 Jun 10 '20 at 14:26
  • Not before penetrating, but after. All it takes to ssh into a linux system is to get the administrator password, who knows through which channel (let's revisit the ingeniousness of hackers having done this in the past... ). Once that is achieved, there are more or less no barriers. This strikes me as a flaw in the system. There should be more safeguards, even if the front-moat is compromised. – Paul Rousseau Jun 10 '20 at 15:20

0 Answers0