sabrogden / Ditto

Ditto is an extension to the Windows Clipboard. You copy something to the Clipboard and Ditto takes what you copied and stores it in a database to retrieve at a later time.
https://ditto-cp.sourceforge.io/

Feature request: Data Encryption #171

Open emris opened 3 years ago

emris commented 3 years ago

Aloha, it would be really cool if all data in the SQLite DB could be encrypted. Sensitive data like passwords are stored in plain text at the moment.

One way of doing this could be with a password. If you activate this option, every time Ditto starts you have to enter your password that is used to encrypt all data. If you change your password everything would have to be encrypted with your new password. And if you forget your password, well then, your data is lost.. so don't forget your password :)
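A sketch of the password scheme proposed in the comment above, as an added example that is not Ditto's code or any commenter's. It goes one step beyond the proposal: a random data key encrypts the clips and the password-derived key only wraps that data key, so a password change re-wraps one key instead of re-encrypting every clip. All function names and the scrypt parameters are assumptions.

```javascript
// Added example (hypothetical names, not Ditto code): password-based envelope encryption.
const nodeCrypto = require('node:crypto');

// scrypt cost parameters (assumed values; tune for the target hardware)
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob was modified (GCM tag check fails)
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Key-encryption key derived from the password typed at startup
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
}

// The header is what would be stored once in the database; the data key
// itself is only ever held in memory while the application is unlocked.
function createVault(password) {
  const salt = nodeCrypto.randomBytes(16);
  const dataKey = nodeCrypto.randomBytes(32);
  return { header: { salt, wrapped: seal(deriveKek(password, salt), dataKey) }, dataKey };
}

// Returns the data key; a wrong password fails here, before any clip is touched
function unlock(header, password) {
  return unseal(deriveKek(password, header.salt), header.wrapped);
}

// Password change: re-wrap the same data key under a fresh salt and new password
function changePassword(header, oldPassword, newPassword) {
  const dataKey = unlock(header, oldPassword);
  const salt = nodeCrypto.randomBytes(16);
  return { salt, wrapped: seal(deriveKek(newPassword, salt), dataKey) };
}
```

As in the proposal, a forgotten password means the data key cannot be unwrapped and the stored clips are unrecoverable.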

ramz35 commented 3 years ago

> Sensitive data like passwords are stored in plain text at the moment.

No way?! I was looking around at various descriptions and comments before installing and if this is true then it’s a huge deal breaker (and should be for everyone). I read on the sourceforge description that it encrypts across the network so can’t believe it doesn’t at rest. In the age of password managers this can’t be a thing.

That said, still kudos to the guy for what seems like a great idea and much loved free software.

akoppa commented 2 years ago

I second emris's suggestion. Encryption would be a great addition and by all means passwords are not the only reason for encryption.

BirukTes commented 2 years ago

I am not sure how hard but definitely no payment probably, @sabrogden have you seen how CopyQ has integrated Gpg4win (GnuPG), do you think that is feasible?

farzher commented 2 years ago

i wrote my own ditto clone just for this feature. there's so much private stuff in my clipboard history! o: i also added image compression, which makes the .db way smaller. was shocked ditto is storing images uncompressed

BirukTes commented 2 years ago

@farzher Would it be possible to share the source code on GitHub? I am sure it would be a help to @sabrogden and us.

farzher commented 2 years ago

i'd be happy to share but there's nothing interesting in my source code, i'm just using a random version of sqlite i found that has encryption. https://github.com/rindeal/SQLite3-Encryption

i understand why you wouldn't want to just add that to ditto though. i didn't vet the code properly (also there's maybe license issues)

asmoore82 commented 2 years ago

> I read on the sourceforge description that it encrypts across the network so can’t believe it doesn’t at rest. In the age of password managers this can’t be a thing.

In the modern age it might be beyond the scope of one productivity app to worry about encryption at rest. If that's a necessity, I believe it should be done at the OS/partition/drive/hardware level.

I've just polished up this AutoHotKey script for on-the-fly (not-very-strong) encryption of passwords on my clipboard. I don't have to worry about the db on disk at rest, because my institution's policies enforce whole drive encryption. So this was done mostly for screenshare sessions when I'm jumping around and briefly using my clip history. Even if Ditto did db encryption on disk, screenshare would still pose a problem. With that use in mind, I'm also not too worried about relatively weak encryption because the full contents of the clip plaintext isn't shown in the narrow quickpaste menu. https://gist.github.com/asmoore82/5113c990daedf3720d2dd7bf23bd4bde

BirukTes commented 2 years ago

But it is not only because of passwords that the db should have an option to encrypt it. There are a number of company owned details that would be at risk such as emails 📧, private conversations 📜, API keys 🔑 ... and more.

In most cases Ditto is less likely to be targeted but a built-in feature like Windows 10 Clipboard Manager probably, but who knows anybody who is in for hijacking clipboard managers cannot help but also target 🎯 Ditto and others. Anyway, there may be ways to secure the db or clipboard data, however the legend Ditto was rejected ❌ from an approved opensource app use within a company because data is 'not encrypted'...

garoto commented 2 years ago

Glad you used plenty of emojis to help get your message across, otherwise all those latin scripts forming words and sentences and shit would give my puny brain a hard time.

ericvanvoorthuizen commented 2 years ago

Same here, Ditto was rejected by our security team because data is 'not encrypted'. Any plans for using an encrypted DB (with an additional passphrase to prevent DB copy and misuse)?

Now I need to switch to ClipboardFusion and do a one-by-one export :-( and then I will have it in an encrypted DB. Although I can still copy and use this DB if I copy it, which is still a security risk ;-)

leaumar commented 2 years ago

I believe this thread is a dupe of #88