From reports published by West Coast Labs, it's a purely software-only solution that consists of some sort of (Win9x/Win2K/XP only) low-level keyboard driver interface that bypasses the standard Windows user-level interface and sends keystrokes directly to the application, in the same way
http://www.bluegemsecurity.com/ claims that they can encrypt data from the keyboard to the web browser, bypassing trojans and sniffers, however the web pages are completely lacking in any detail on what they're actually doing. that a number of OTFE packages directly access the keyboard driver to try and evade sniffers. The West Coast Labs tests report that they successfully evade all known sniffers, which doesn't actually mean much since all it proves is that LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The use of SSL to get the keystrokes from the driver to the target app seems somewhat silly, if sniffers don't know about LocalSSL then there's no need to encrypt the data, and once they do know about it then the encryption won't help, they'll just dive in before the encryption happens. Anyone else have any additional information/comments about this? Peter.
At 9:11 PM +1300 10/28/05, Peter Gutmann wrote:
The West Coast Labs tests report that they successfully evade all known sniffers, which doesn't actually mean much since all it proves is that LocalSSL is sufficiently 0-day that none of the sniffers target it yet. The use of SSL to get the keystrokes from the driver to the target app seems somewhat silly, if sniffers don't know about LocalSSL then there's no need to encrypt the data, and once they do know about it then the encryption won't help, they'll just dive in before the encryption happens.
Absent any real data, crypto-dogma :-) says that you need hardware-encryption, physical sources of randomness, and all sorts of other stuff to really solve this problem. On the other hand, such hardware solutions usually come hand-in-hand with the whole hierarchical is-a-person "PKI" book-entry-to-the-display I-gotcher-"digital-rights"-right-here-buddy mess, ala Palladium, etc. Like SSL, then -- and barring the usual genius out there who flips the whole tortoise over to kill it, which is what you're really asking here -- this thing might work good enough to keep Microsoft/Verisign/et al. in business a few more years. To the rubes and newbs, it's like Microsoft adopting TLS, or Intel doing their current crypto/DRM stuff, which, given the amount iPod/iTunes writes to their bottom line now, is apparently why Apple really switched from PPC to Intel now instead of later. You know they're going to do evil, but at least the *other* malware goes away. So, sure. SSL to the keys. That way Lotus *still* won't run, and business gets done in Redmond a little while longer. Cheers, RAH Somewhere, Dr. Franklin is laughing, of course... -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
-- R.A. Hettinga" <rah@shipwright.com>
Intel doing their current crypto/DRM stuff, [...] You know they're going to do evil, but at least the *other* malware goes away.
I am a reluctant convert to DRM. At least with DRM, we face a smaller number of threats. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ctySJF5hgF1q9fil61pohBVLfj/aT4jWZ/KUf29x 4GuXiNXRF+nY3+3LFo8YpvV4w1S5dwf+LcuAsZWWe
At 11:10 AM -0700 10/28/05, James A. Donald wrote:
I am a reluctant convert to DRM. At least with DRM, we face a smaller number of threats.
I have had it explained to me, many times more than I want to remember, :-), that strong crypto is strong crypto. It's not that I'm unconvinceable, but I'm still unconvinced, on the balance. OTOH, if markets overtake the DRM issue, as most cypherpunks I've talked to think, then we still have lots of leftover installed crypto to play around with. Cheers, RAH Who still thinks that digital proctology is not the same thing as financial cryptography. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote:
OTOH, if markets overtake the DRM issue, ^" moot", was what I meant to say...
Anyway, you get the idea. Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
participants (3)
-
James A. Donald -
pgut001@cs.auckland.ac.nz -
R.A. Hettinga