Ditto icon indicating copy to clipboard operation
Ditto copied to clipboard
verified publisher icon sabrogden

The database stores values in plain text. Can it be encrypted?

Open bsacheri opened this issue 2 months ago • 6 comments

I opened the ditto .db file in a text editor and noticed that I can see my clips stored as plain text. I feel like this is a risk if someone were to get ahold of this file. In my database file I was able to easily see passwords and confidential information that I had copied to the clipboard. My portable file is being synced to Onedrive thus propagating the risk that this "temporary" information could later be found by someone else. This file has also been backed up onto some of my external hard drives (which I will now track down and delete).

I'm curious if there is an option in Ditto to encrypt the SQL Lite data file and/or if that would impact its performance? I saw no mention of encryption in the online documentation. If encryption is a performance hit, what about a simpler Cesar Cipher that prevents casual reading of the database file in a text editor?

In the meantime, I suggest that a warning should be added to the Options dialog, maybe on the General tab below the Database Path. "Note: the data stored in the database is not encrypted."

bsacheri avatar Oct 24 '25 01:10 bsacheri

Strongly agree! This is a must have feature in this cyber threat rich time, I watch out not to copy ANY sensitive data but still find encryption important here

phyck avatar Dec 08 '25 21:12 phyck

@bsacheri: Passwords should be deleted from Ditto, or you should even disconnect Ditto before copying them. A Caesar cipher is a (simplistic) form of encryption. The issue is neither encryption nor performance, but decryption. Ticket #171 suggests a mechanism Ditto could use to decrypt.

CopyQ supports encryption, though it is not built-in.

License This comment and any other from myself on this ticket is offered under the terms of CC0 1.0.

Chealer avatar Dec 09 '25 19:12 Chealer

I believe the 2 mainstream options for encryption credentials are unfortunately both less than ideal:

  • either the user has to enter the master password every time ditto starts (or select a keyfile), but this is very tiresome UX
  • or ditto stores the secret in the OS keychain, which exists in basically every OS today and is somehow generally secure, but comes with different integration code for every system

There's also protecting the secret in process memory.

As an aside, I worked around this problem by using keepassxc/dx (desktop/mobile) and its autotype and formfill features to simply avoid ever putting credentials on the clipboard. Hasn't been an issue in years. The only time it happens is when I'm given credentials and need to copy them to keepass, but then I just manually clean up. Ditto can also be set to ignore copies coming from your password manager.

leaumar avatar Dec 09 '25 23:12 leaumar

@Chealer Passwords are just an example. There are plenty of things I copy with Ditto that I wouldn't want a person or an AI to see. I don't take time every day to review my Ditto log and clean it out. Let's not fixate on passwords or credentials. In the age of AI would you want to offer an AI a plain text copy of your daily clipboard activity? How soon will it be before Microsoft allows Copilot to scan the contents of your OneDrive to make searching "more personalized"?

@leaumar There's no need to have a prompt to enter a password every time a user launches Ditto. Ditto could store the database key using the Windows Data Protection API (DPAPI) bound to the Current User (Copilot suggested this).

bsacheri avatar Dec 10 '25 03:12 bsacheri

@leaumar There's no need to have a prompt to enter a password every time a user launches Ditto. Ditto could store the database key using the Windows Data Protection API (DPAPI) bound to the Current User (Copilot suggested this).

Arbitrary code running as the user would still have access to the clear entries, but you are right that this would solve the cases you mentioned, which are considerable.

In the meantime, I suggest that a warning should be added to the Options dialog, maybe on the General tab below the Database Path. "Note: the data stored in the database is not encrypted."

#947 has similar suggestions which I consider better. I agree that the warning(s) could specifically mention storage.

Chealer avatar Dec 10 '25 06:12 Chealer

Ditto could store the database key using the Windows Data Protection API

Oh right, I was thinking that secure storage is a dev headache for crossplatform apps, but ditto's for windows only 😄

leaumar avatar Dec 10 '25 09:12 leaumar