DavidXanatos / DiskCryptor

A fork of the DiskCryptor full disk encryption tool
https://www.diskcryptor.org/

How safe is master key and cached password in RAM? #47

Closed Mukou-Aoi closed 11 months ago

Mukou-Aoi commented 2 years ago

Quote from FAQ section on diskcryptor.org

> Is it possible for the password to my disk and/or its contents to be compromised by malware?
>
> Yes, malware running with administrative privileges may extract the password from memory and read any data. DiskCryptor does not protect you from malware. This is not a vulnerability of the program, as such kind of protection is not part of the cryptographic software's function.

What exactly does "running with administrative privileges" mean?

I encrypt my drive so that I don't need to worry about a data leak when I turn my drive in for RMA, or in case I lose the drive. I still use my computer normally, which means I have to run some closed-source programs that require administrator privileges (answering "yes" to the UAC prompt), for example: just about every installer, anti-cheats and DRM, some OEM utilities like SSD toolboxes, hardware monitors like Afterburner... Are they all capable of acquiring my master key and cached password?

alejandro-amo commented 1 year ago

A program with administrative privileges does not rampantly access other parts of the memory. Those are different things. All in all, this is a matter of how Windows is built, its architecture, and has only limited relationship with how software has been developed.

For other processes to access parts of the memory contents of DiskCryptor (or any software), it is required that the software have loopholes or bugs that enable siphoning of the data through its software interfaces. It's never 100% safe, but it's also not so easy for that to happen.

As an example regarding a similar program (that uses encryption and needs to protect the master password in memory), please read this recent news piece: https://www.scmagazine.com/news/keepass-bug-lets-attackers-extract-the-master-password-from-memory

The good thing about DiskCryptor, VeraCrypt and other data encryption software is that their code is published here, so anyone can review it and bugs can potentially be found more quickly.

ghost commented 1 year ago

> A program with administrative privileges does not rampantly access other parts of the memory. Those are different things. All in all, this is a matter of how Windows is built, its architecture, and has only limited relationship with how software has been developed.
>
> For other processes to access parts of the memory contents of DiskCryptor (or any software), it is required that the software have loopholes or bugs that enable siphoning of the data through its software interfaces. It's never 100% safe, but it's also not so easy for that to happen.
>
> As an example regarding a similar program (that uses encryption and needs to protect the master password in memory), please read this recent news piece: https://www.scmagazine.com/news/keepass-bug-lets-attackers-extract-the-master-password-from-memory
>
> The good thing about DiskCryptor, VeraCrypt and other data encryption software is that their code is published here, so anyone can review it and bugs can potentially be found more quickly.

Man, please, let's avoid these yellow pages in the DiskCryptor repo.

If you have access to the physical memory of the system, or have rights in the system which can grant such access, then it absolutely makes no difference how exactly the key is stored in memory.

And I guess the key is well used in kernel space, so a regular user cannot access it, BUT we all know a lot of examples of local privilege escalation.

So stop flooding... and close ridiculous issues.

alejandro-amo commented 1 year ago

Not sure whose answer you are criticizing, but one thing is for sure: that question went unattended for years, and I took my time to try to explain to the person who asked the question (which many others like me will eventually find and possibly share). One cannot see how this could be inadequate. In any case, you should have addressed the original question at the time, trying not to assume anyone's level of knowledge regarding the topic. Taking another path makes little sense to me, but you do you.