Of course, "only stored in memory" really means "only stored in memory and maybe also in the paging file/swap area". Once the data hits disk, there are advanced forensic tools available to certain classes of adversaries that can recover old bits even after they have been overwritten by newer values. You can mitigate against this by disabling your paging file/swap area. – Fran – 2012-05-03T17:08:26.807

1@Fran: Modern operating systems allow a program to mark certain memory areas as unpageable/unswappable. (In the case of TrueCrypt, the cache is kept by TrueCrypt driver.) – user1686 – 2012-05-03T17:09:40.943

1@grawity Yes, but the TrueCrypt passphrase is read by its GUI in user-space and then transferred into the kernel for use by the driver. No matter how quickly the user-space code erases the passphrase from RAM, it may still end up in the paging file/swap area. – Fran – 2012-05-04T16:10:02.083

1@Fran: Not necessarily. Memory locations that are being actively used won't be swapped out (unless under heavy load), and it is possible to write a custom input control that stores its contents in nonswappable memory (KeePass does this). – user1686 – 2012-06-25T12:10:07.567

Wouldn't this be unsafe (kinda loosing the advantage of the password in the first place)? I trust TrueCrypt to not give unsafe options, so there must be more to this... – nik – 2009-10-09T12:02:53.180

The cache is only stored in memory, and in my example wiped at the end, using /wipecache – user1686 – 2009-10-09T12:42:59.937

@Fran: By that logic there is not secure way to enter any password at all, because it will always reside in pageable memory for a short amount of time. Of course you could allocate the input buffer in a "locked" memory page which would make the password cache secure as well. – David Foerster – 2014-03-24T05:10:35.407