
A Note on Hard Drives and Protected Data

I recently wrote about trying different password managers, and noted that exporting to CSV (which any spreadsheet program can read and write) is often an efficient way to move between programs. If you are particularly security-conscious, however, you should note that any file written to your hard drive (a CSV file or anything else) can, on modern file systems, remain permanently or semi-permanently on the disk. This means that even after you delete it, traces may remain.

Note that with modern “Journaled” file systems (which you are likely to be using, if you are using a modern computer), even programs like shred, which are designed to overwrite files with random data to make them unreadable, won’t always solve this problem: see here.
If you use a program such as KeePass2, this is fine, because the file itself is encrypted, and KeePass2 has features specifically intended to avoid writing anything unprotected to the hard drive. This is also not as much of a concern for computers that use encrypted hard drives. For everyone else, though, there’s a small workaround that can mitigate this security risk.

The workaround is to create a directory on your system that writes directly to RAM. Unlike a hard drive, RAM is “volatile memory,” which means that it is designed to be overwritten, or to disappear within a few minutes of a computer being turned off. In Unix systems (e.g., Linux and Mac OS X, though the code below has not been tested on the latter), this type of file system mount is called “tmpfs” (for “Temporary File System”), and mounting it requires just one command (the sudo mount line in the script below). I’ve written a short example script that can be run from a Unix terminal to automate the process (and to ask whether you’re sure you want to proceed before it actually sets up the mountpoint).

#!/bin/bash
# Treat unset variables as errors, so a typo in the settings cannot silently mount to the wrong place.
set -u

#################
# SETTINGS
#################

TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA="/path/to/a/directory/for/temporary/jobs"

# Get the values for the two variables below by running `id` in a terminal. They are used to limit access to the temporary (tmpfs) filesystem used for the decrypted data. See http://unix.stackexchange.com/a/71060/30419: "A better option than writing to /run is probably creating your own tmpfs mount owned by the user whose going to use it."

USER_ID_NUMBER='1000'

USER_GROUP_NUMBER='1000'

#################
# END SETTINGS
#################


# Make the directory (-p doesn't warn if it already exists), and then mount a temporary filesystem on it. Anything already in that folder is hidden underneath the new mount until it is unmounted, so treat its current contents as gone:
mkdir -p "$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA"

# Don't stack a second tmpfs on top of one that is already mounted there (mountpoint is part of util-linux; skip the check where it is not installed).
if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA"; then
  echo "'$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA' is already a mountpoint; nothing to do."
  exit 0
fi

while true
do
  ls -lA "$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA"
  read -r -p "We will now create a temporary filesystem (i.e., a 'tmpfs') that will write to RAM (and possibly Swap space) instead of the main disk. This mountpoint will be gone on reboot. Mounting will also hide anything currently in the mountpoint folder, which is '$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA'. Any current contents of that folder are listed above this message. Continue? (Y/N) " USER_RESPONSE_HOLDER
  case $USER_RESPONSE_HOLDER in
    [Yy]* )
      echo "Mounting temporary filesystem to '$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA'... We will now ask for the root password, in order to mount the tmpfs. After that, you will be asked for your decryption passphrase..."
      # uid/gid make the mount owned by you; mode=0700 keeps other users on the machine out of it.
      sudo mount -t tmpfs -o "uid=$USER_ID_NUMBER,gid=$USER_GROUP_NUMBER,mode=0700" tmpfs "$TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA"
      break;;
    [Nn]* )
      exit;;
    * )
      echo "Please type \"Y\" if you would like to continue. Otherwise, type \"N\"";;
  esac
done

Whether you use the script or just fill in and run the mount command from it, the idea is that you would then save your temporary unencrypted files (such as a temporary CSV password export) within whatever directory you set as TEMPORARY_FILESYSTEM_LOCATION_FOR_DECRYPTED_DATA in the SETTINGS section at the top of the script. This directory will periodically be cleared, and will be completely gone after a system shutdown or reboot.
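
Before copying a decrypted export into that directory, it is worth confirming that the path really is a private tmpfs and not a plain folder on disk (for instance because the mount failed, or was never made after a reboot). The shell functions below are an added example, not code from the original post: they read the kernel's mount table (/proc/mounts on Linux; the sample table, user id 1000 and the paths under /home/alice are constructed for the demonstration) and return a distinct exit status for "nothing mounted", "mounted but not tmpfs" and "tmpfs without the expected uid/gid options". Because a later mount on the same path shadows an earlier one, the last matching entry is the one that counts.

```shell
# Verify that DIR is currently a tmpfs mount owned by UID:GID before trusting it
# with decrypted data. Reads the kernel mount table (/proc/mounts on Linux); a
# different table file can be passed as the 4th argument, which the demo below uses.
# Pass DIR in canonical form (e.g. "$(realpath "$dir")") so it matches the table.
# Exit status: 0 = private tmpfs with the expected uid/gid
#              1 = nothing mounted on DIR
#              2 = something mounted on DIR, but it is not tmpfs
#              3 = tmpfs, but the uid=/gid= mount options do not match
check_private_tmpfs() {
    dir=$1; want_uid=$2; want_gid=$3; table=${4:-/proc/mounts}
    found_fs=""; found_opts=""
    # The table lists mounts oldest first, and a later mount on the same path
    # shadows an earlier one, so the LAST matching line is the effective mount.
    while read -r _dev mnt fstype opts _rest; do
        # The kernel writes spaces in paths as \040; decode before comparing.
        mnt=$(printf '%b' "$mnt")
        [ "$mnt" = "$dir" ] || continue
        found_fs=$fstype; found_opts=$opts
    done < "$table"
    [ -n "$found_fs" ] || return 1
    [ "$found_fs" = "tmpfs" ] || return 2
    case ",$found_opts," in *",uid=$want_uid,"*) ;; *) return 3 ;; esac
    case ",$found_opts," in *",gid=$want_gid,"*) ;; *) return 3 ;; esac
    return 0
}

# Constructed sample mount table (not from a real machine) covering the cases above:
# a private tmpfs, a path containing a space, a world-writable tmpfs without uid/gid,
# and a tmpfs that was later shadowed by an ext4 bind mount on the same path.
write_sample_mount_table() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /home/alice/private tmpfs rw,nosuid,nodev,noexec,relatime,uid=1000,gid=1000,mode=700 0 0
tmpfs /home/alice/my\040vault tmpfs rw,relatime,uid=1000,gid=1000 0 0
tmpfs /home/alice/shared tmpfs rw,relatime 0 0
tmpfs /home/alice/stacked tmpfs rw,relatime,uid=1000,gid=1000 0 0
/dev/sda1 /home/alice/stacked ext4 rw,relatime 0 0
EOF
    printf '%s\n' "$f"
}

# Demonstration against the constructed table (user id and group id 1000).
TABLE=$(write_sample_mount_table)
for d in /home/alice/private "/home/alice/my vault" /home/alice/shared /home/alice/stacked /home/alice/none; do
    st=0; check_private_tmpfs "$d" 1000 1000 "$TABLE" || st=$?
    echo "$d -> status $st"
done
rm -f "$TABLE"
```

On a real system, run the check with your own uid/gid (from id) and no fourth argument, and only copy the export in when it returns 0.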

Do note that even if you do this, the file can, in some cases, still be written to disk if your RAM fills up and the computer starts to use “Swap” space (a section of your hard drive dedicated to spillover from RAM, in order that the computer not seize up if it runs out of memory). Some operating systems, like Ubuntu, encrypt Swap space by default as a way to mitigate exactly this type of risk.
