Nitrokey, passwords, the clipboard and security

In my (default) configuration I have 7 entries. But this can be configured to many more.
A google search shows that there are many clipboard managers for both KDE and Gnome, as well as other desktops. I also find some discussions about an API for management of the clipboard, including one attempt to do a cross platform API.
For myself I’ve made a habit of manually deleting passwords from the clipboard, so I can live with the situation - although I probably will forget that the one time it really matters :roll_eyes:

Knut

I think you have pasted wrong link - could you check?

there surely are, but KDE may is the only DE which enables such things per default (or did in the past). In my KDE times I used this for a long time but stop eventually (without particulary reason). Afterwards I never stumbled over such functions again (at least as auto-enabled feature).

If there is a solution which applies on different programs of this kind, that would be great. Maybe we can have look how other security related programs are managing this. I am wondering if password-managers like KeePass are affected as well and if not why…

Found this https://jtanx.github.io/2016/08/19/a-cross-platform-clipboard-library/, and this https://www.w3.org/TR/clipboard-apis/

Knut

On my computer KeePassX behaves a little bit different. There is an option “Clear clipboard after sec” (in my case 15 sec). And it will do exactly that. After 15 sec it is no longer possible to use ctrl-V to paste the password into another app. But the entry remains on top of the klipper history stack, and it can be retrieved from there. I guess this is fairly much the same as the way Nitrokey app is doing things. This may boil down to a problem with clipboard managers rather than with the clipboard itself. But given the proliferation of clipboard managers on many platforms, this remains a concern for anybody dealing with security issues.

Knut