Re: [Duplicity-talk] PASSPHRASE, the environment, memory, etc.

[Charles Duffy]

Fishing a passphrase out of an environment variable on Linux is dirt 
simple -- it exists in cleartext as /proc/<pid>/environ. You don't want 
to use /tmp either; /dev/shm would be slightly better, but not much at all.

Frankly, protecting a system from an attacker with full hardware access 
is a losing game -- but I'd think you'd want to keep the password on the 
system being backed up, rather than anywhere else. After all, you keep 
the data itself there; if it's not secure enough to store your key, it's 
not secure enough to store the data either, and you should move. By 
spreading sensitive knowledge across more systems (both the machine 
being backed up and the separate machine which stores the key used for 
encrypting the backups), you're increasing your overall exposure as well 
as adding more moving parts (and thus failure cases).