How can I securely store and access a backup passphrase?

I am referring to doing Qubes backups.

Qubes Tools > Backup Qubes

I wish to use highly secure, long, random, generated passphrases.

My assumptions (obstacles):

  • KeepassXC cannot be used within dom0, so generating and storing the passphrases this way is not possible

  • Copy and pasting these from an AppVM is also not possible, given that you cannot copy and paste into dom0

I am aware of these options but do not find them sufficiently secure:

  • saving and storing the passphrase in plaintext in dom0, which is obviously a horrible idea.
  • passing the passphrase into dom0 at the command line, inside of a text file, leaving a large attack surface for the passphrase to later be found by an attacker, in addition to being extremely tedious.
  • manually typing the passphrase in each time, necessitating a much shorter, more human-readable passphrase, with high risk of errors and permanent data loss the more complex the passphrase gets. Also very tedious for long, complex passphrases.
1 Like

@MysticDreamer I recommend manually typing the password, the only thing that can fail then is your memory. This type of password can be just as strong as randomly generated if you just follow best practices and memorize it.

Other than that if you don’t wanna type it each time maybe consider something like this? https://apricorn.com/ , you could unlock and mount it and there you have password in plain text. Use it for all my ssh keys personally.

This assumes that the password you are talking about is some sort of master password. If not then use keepass to store all of them.

2 Likes

Thanks for the apricorn link. :+1:

2 Likes

As I said, I am already aware of this option, and I do not find it suitably secure.

The main reason being your assumption/claim that this type of password ‘can be just as strong as a randomly generated password’ is false.

For example, here is a randomly generated password with 750 bits of entropy.

sĂœÂšLXu¡ÔĂșĂ°(??L$»³Z7RÚrMZÅ°£@ĂŽĂŠbtĂŁĂŹ~ÂáQ[ﰔ~wNVÔĚLBÂŹvĂŽÂą[blÉÂȘĂŽĂ‰ĂœĂ–L>SËÂčHÉ],ÁØÌ&ĂŸSewVĂœ]BÍ`BUÀùÿ_5gSĂŹC8ĂȘĂ­+°DZeÂœ/ÏVv|[˾KLÐv»>=ĂȘsÂȘÂȘ±Š

Passphrases like this, or even more secure than this, can be created in seconds with software, unique passphrases for each backup. With perfect reliability.

No human can even come close to that through memorization.

Other than that if you don’t wanna type it each time maybe consider something like this? https://apricorn.com/ , you could unlock and mount it and there you have password in plain text. Use it for all my ssh keys personally.

What you’re implying is that you can mount a USB drive to dom0. I was not aware you could do that, and I just tried it and do not see that option.

A quick Google search turns up a bunch of the usual hemming and hawing on this forum where people warn the OP not to do it, and I don’t immediately see any instructions for how to do it or if it’s even possible.

1 Like

No, not mount in dom0, never. Just mount in a qube and paste to dom0; this is still not recommended and you can hurt the integrity of dom0.

And the password just as secure I’m referring to, no one would be able to crack it. You are putting up unreasonable standards when you only allow randomly generated passwords. You add too much complexity that in the end will hurt your opsec. Like I said, the best password is long, has special chars and has no meaning to you whatsoever (or anyone else tbh) BUT you can remember it.

Update: Just do some reading online and you will find out that a good password is technically uncrackable.

1 Like

mount in qube and paste to dom0

How is this done?

If I could paste into dom0, this problem would be solved. I have not found any way to do that.

1 Like

Still not recommended, you are making worse opsec decisions that could compromise dom0.

1 Like

Update: Just do some reading online and you will find out that a good password is technically uncrackable.

Just do some reading online and you’ll discover that you have no idea who the other person is on the other side of your internet connection, what they know or do not know, and what they have already read - or indeed, written at length for others.

In summary: I stand by every letter of every word I previously stated.

1 Like

Ok then, gl.

1 Like

Pasting is only possible from dom0 to an AppVM, not the other way around. I would encourage you to read the link you just shared, as it appears you haven’t. Or you didn’t understand it.

I also addressed this option in the OP.

  • passing the passphrase into dom0 at the command line, inside of a text file, leaving a large attack surface for the passphrase to later be found by an attacker, in addition to being extremely tedious.
1 Like

Please read the full page; at the bottom there are instructions on copying to dom0.

Since you seem unable to read then here is the command:

qvm-run --pass-io <src-vm> 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0
1 Like

Yes, that passes a text file. As per my previous comment, I addressed this in the OP:

  • passing the passphrase into dom0 at the command line, inside of a text file, leaving a large attack surface for the passphrase to later be found by an attacker, in addition to being extremely tedious.
1 Like

Yes, but it answers your question on how to copy to dom0. With your comment, yes, it’s an issue, but since the start the way you lay this up opens up many attack surfaces. So same same, compromises your opsec either way.

1 Like

That is not what I meant by copying, I meant copy/pasting.

That is what I would call transferring a file.

It appears this is a simple miscommunication over the definitions of common computing concepts. That or someone just doesn’t want to be wrong on the internet.

1 Like

Ok good luck.

Just wanna add a pointer that the clipboard (copy/pasting) is not more secure than a file. And copy can be a file and clipboard; that term works for both. You copy a file, you copy to clipboard. And will mention once again the most secure way is still memorizing a password and inputting it using the keyboard. That has the least attack surface.

This will be my final entry in this thread, not going anywhere, just like talking to chatgpt :smiley:

1 Like

And again, making false assumptions about what I do and do not already know.

I do not need you to teach me anything dude, particularly since you’ve made it clear you haven’t the slightest idea what the fuck you are talking about.

A text file has a wide attack surface. There are about 17 ways a hacker could see the contents of that, no matter how hard you tried to delete it. A clipboard has an attack surface, but it’s not the size of the Atlantic Ocean.

1 Like

Why is this “obviously a horrible idea”? If your adversary has access to dom0, it’s already game over.

1 Like

I guess you should tell Qubes to remove the huge warning that gets shown if you choose that option, since there is nothing insecure about it.

1 Like

If anybody has an answer to my question that would be outstanding.

1 Like

Use a wordlist:

Passphrases generated with them are designed to be easier to remember with sufficient memory training, so you do not need to insecurely store them in text files.
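As an added illustration of the wordlist approach and of the entropy comparison argued earlier in the thread (this is example code, not from Qubes or any poster): it draws words with the OS CSPRNG and computes how many words a list of a given size needs to reach a target entropy, e.g. the 750 bits claimed above. The eight-word list is a constructed stand-in; a real Diceware/EFF list has 7776 words, and the `7776` figure below is assumed from that.

```python
import math
import secrets

# Constructed demo wordlist (assumption). A real Diceware/EFF long list has 7776 words;
# entropy depends only on list size and word count, not on which words are in it.
DEMO_WORDLIST = ["acorn", "basin", "cobra", "delta", "ember", "fjord", "glide", "harp"]
DICEWARE_SIZE = 7776  # assumed size of a standard Diceware-style list


def passphrase_entropy_bits(n_words, list_size):
    """Entropy of n words drawn uniformly (with replacement) from list_size words."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose passphrase entropy is at least target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(n_words, wordlist=DEMO_WORDLIST, sep=" "):
    """Draw n_words with secrets.choice (CSPRNG); random.random is not suitable here."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist must not contain duplicates, or entropy is overstated")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def is_from_wordlist(passphrase, wordlist=DEMO_WORDLIST, sep=" "):
    """Check that every word of a generated passphrase comes from the list."""
    return all(word in wordlist for word in passphrase.split(sep))


if __name__ == "__main__":
    print("demo passphrase:", generate_passphrase(6))
    print("bits for 6 words from 7776:", round(passphrase_entropy_bits(6, DICEWARE_SIZE), 1))
    print("words for 750 bits from 7776:", words_needed(750, DICEWARE_SIZE))
```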