I'm using Python to generate passwords for myself - I'd feel a little silly if I found out that those are available in some sort of log somewhere, presumably plaintext
Do console windows, in Pycharm or otherwise, maintain history like that?
CodePudding user response:
No.
If you close your terminal, the outputs are gone. You can just go through your recent inputs by pushing the "up" arrow. Given, that your python script will generate random passwords, this should not be an issue though.
But if you are legitimately concerned for your password safety, a real password manager should be your choice.
CodePudding user response:
Could be. Most terminal emulators have a virtual "scroll buffer" that allows you to return to past outputs, thousands and thousands of lines -- everything that appeared on the screen. Obviously this text is collected, managed and stored for this use.
On Macbooks, Terminal.app will save and restore Terminal screen contents across a reboot, so they are stored somewhere. (Terminal has a system of unique session identifiers for each window, so information from multiple windows is managed.) I don't know of a way to recover the text after you close the OS X Terminal window, but that does not mean it is not sitting in some internal working file waiting for garbage collection.
The Python interactive commandline does not seem to save output; only your input is saved (in ~/.python_history), and can be reused in later sessions. As for pycharm, I don't know but since there is no way to view older session output, there's probably no reason to save it after a console window is closed.
As @Thunder wrote, you can avoid this particular problem by writing the passwords into a file, or even putting it directly in your system's clipboard. Clipboard management has its own exposures, but as long as the password is on your computer, it will be exposed somewhere.
But are you right to be worried? An exploit that gains access to your computer can easily assume full control, and looking for generated passwords in random places is certainly low on an attacker's list of priorities-- if anything, a worse-case attack with full access to your environment would be more likely to monitor keyclicks and snap to attention when you are about to authenticate to a known target like a bank, facebook, etc.
So my advice is: Don't worry too much about it. Close the console window after you generated the password, manage passwords securely from there on down (i.e. use a password manager), and use good practices and common sense to keep your computer from being pwned.