[FR browser addon] destroy master pasword in clipboard after login

Zoe_Nagy · November 10, 2023, 11:07am

We don’t want our master password to stay in RAM longer than needed do we?

Could check if clipboard content is the actual master password before wiping, in case it was typed in but also stored in clipboard.

grb · November 10, 2023, 3:47pm

Why would the master password be stored in the clipboard?

Zoe_Nagy · November 10, 2023, 10:55pm

Because it’s 90bit random entropy, which I store in offline password manager, and not going to type in

grb · November 10, 2023, 11:09pm

Interesting. FYI, you really only need around 50 bits of entropy to make an uncrackable master password (e.g., a random, 4-word passphrase).

Second question is, why are you logging out and logging in so frequently that clearing the clipboard manually is a chore for you?

Zoe_Nagy · November 10, 2023, 11:59pm

One could argue that rememberable password is weaker, since someone could shoulder surf. But our threat levels can be different.

That’s the point I only need to login when browser crashes, so I use clipboard, and forget to clear clipboard after, and if I’m unlucky I will paste my password into website/chat/live zoom call after. Why would you trust a human with a chore?

If bitwarden knows that clipboard content was meant for itself (login success) then it could block that information to be used by anyone else. Anyway, it could be an option for others if it’s causing a problem.

Mxx · November 12, 2023, 3:06am

why not configure your offline password manager to clear clipboard? Surely it’s capable of doing that since it knows that a password was copied…

Zoe_Nagy · November 12, 2023, 10:28am

Because some people might store it in different way, or not have that option.
Why not make it secure out of the box for everyone by adding 3 more lines of code.

With all these data breaches going on one cannot be paranoid enough.

Mxx · November 12, 2023, 3:47pm

Different from what?

Exactly. So ask developers of that password manager to add it.

BitWarden is an open source project with source code available on the GitHub. If it’s as simple as you say it is, add those 3 lines and submit a PR to get it merged.

If this is your threat model then don’t use clipboard to enter your master password at all.
But yes, one can be too paranoid and start being afraid of their own shadow and exercise in security theater.

Zoe_Nagy · November 13, 2023, 10:28pm

Here is a simpler take

I have auto clear in offline password manager,
login into bitwarden with clipboard,
mis click copy-page password button for given page, because we are meatballs
naively paste into website,
oops it was master password, not site password.
still within clear time of offline password manager.
Now I would bet 99% of people wouldn’t change their master password at this point, since they manually corrected it with backspace.

I’m not familiar with code base but it shouldn’t be harder than

onLoginEvent
  if clipboard == masterPassword:
      clipboard.clear( )