I know this isn't an ideal solution, but I suspect it would be pretty darn easy to implement:
Obviously, the holy grail of password management should involve not storing passwords (encrypted or otherwise) on any online VM until they instant they are needed. I've been implementing this via copy/paste for my most important credentials, but it's a pain, and I'm far too lazy to do this with all of my logins. However, I justed noticed that R3.2 introduced a Dom0-to-hyperboard[1] copy function, and since Dom0 knows the window title text... couldn't there be another hypervisor keyboard shortcut that would use the window title to search though a simple database, copy a string associated with that window title and send it to that VM's clipboard? And because browser window titles are changed by websites, that means you could in most cases store one password per website. As always, it would be the user's responsibility to not input the password into a spoofed website. (This tool would thus be more of a convenience for power users, not the robust and idiotproof edition.) One could also use this to quickly retrieve passwords for applications like Pidgin (which still uses plaintext password storage if you ask it to remember passwords). You could use it with passwords for GUI terminals, too Someone might disagree with your passwordless sudo (I'm mostly fine with it), or they might use that terminal heavily with remote machine... perhaps with an employer who has arduous password requirements. I realize this is far from optimal[2], but it strikes me as a hefty security-convenience win that requires little effort to implement. Am I wrong on either of these counts? Shane 1. A much cooler name than "inter-VM clipboard" 2. For starters, website titles can change. And the passwords should ideally be kept in another VM, not Dom0. And there would preferably be a better mechanism for verifying websites or applications to prevent absent-minded copy/pastes into impostors (although, I would argue this tool wouldn't be likely to be used by particularly careless people.) On that latter point, a further very hack-y trick would be you had a web browser extension that could hash the URL, check whether certificate is good and then insert a token into the window title text ... ok ok, this is getting a bit crazy. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/91e93e9a-996b-4667-91b3-55ce97849ac8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.