Menu

Can I hide my password in the commandline ?

Technical Topics
Ad van den Broek
2022-01-13
2022-01-31

  • Ad van den Broek

    Ad van den Broek - 2022-01-13

    When I use Veracrypt from commandline I have to include a password-parameter.
    As a result my script/BATch-file contains my password in readable text.
    Any suggestion how I can hide this password ?

     

  • RealTehreal

    RealTehreal - 2022-01-16

    What happens, if you miss out the password parameter? Will it possibly ask for a password then?

    Greets

     

    • Ad van den Broek

      Ad van den Broek - 2022-01-21

      Correct; without the password parameter, it will ask for the password.

       

      • RealTehreal

        RealTehreal - 2022-01-22

        So, I guess it's case closed, then?

         

        • Ad van den Broek

          Ad van den Broek - 2022-01-30

          No ! I'm still looking for a way to transfer safely password info to veracrypt. So I'm looking for a way to encrypt the transfer of that info or to transfer that info using the clipboard.

           

          • RealTehreal

            RealTehreal - 2022-01-31

            That's out of scope for VC. You will have to depend on third party software and your OS to safely store and retrieve the secret of your volume. Using a combination of TPM and PGP could be what you're looking for. But due to the matter of fact, there will be a point in time when the secret must be unencrypted. Otherwise it couldn't be used.

             

            Last edit: RealTehreal 2022-01-31

  • Jeremy Marks

    Jeremy Marks - 2022-01-28

    Can you do something like this:

    export MY_PASSCOMMAND="cat $HOME/password-file-for-veracrypt"
     

  • Adrian Kentleton

    Adrian Kentleton - 2022-01-31

    There's a fairly simple way to do this, though it obviously creates a security risk; it will obfuscate your password from casual, but not forensic, analysis. But even a password only you know is not secure! Criminals, or legal authorities, would coerce it from you if they wanted to!

    See XKCD!

    You create two batch files. The first pulls your password embedded in an innocent-looking lengthy text file (eg a 'Terms & Conditions' document) and writes it to a new text file, and looks something like this:

    @echo off for /f "tokens= delims= " %%a in (somefile.txt) do echo %%a > newfile.txt exit

    The second batch file looks something like this, pulling the password from the new file, then deleting the new file after the volume is mounted :

    @echo off for /f %%a in (newfile.txt) do set p=%%a veracrypt <other options> /p %p% del /f /q newfile.txt exit

    You run the first file before running the second. They are sensibly stored in two different places, and the name, location, and purpose of the first file needs to be well obfuscated.

    Are you comfortable writing batch files, and can you get your head around the for /f "tokens= delims= " syntax? It's complicated! I'm afraid you'll really need to work this out for yourself; if I gave more detailed instructions, it'd be a very great security risk!

     

    Last edit: Adrian Kentleton 2022-01-31

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.