Keyboard logging
mmotyka at lsil.com
mmotyka at lsil.com
Wed Dec 20 11:34:39 PST 2000
>use on screen keyboards using mouse action or use non-bios routines that
>remap key codes.
>
>If you need this level of security you probably need to look at the whole
>environment and do some serious thinking.
>
>If you use standard keyboards then the scancodes can be intercepted, if >you
>have standard PC's with non-custom OS then almost anything can be sniffed
>out.
>
>(The moot list is in need of any good advice on this, basic discussion
>already covered)
>
It is possible using external HW to get keycodes and random numbers into
a machine and to an application bypassing the entire OS keycode path (
hiding the codes, timing and quantity ) and to generate a simple font
engine to allow an app to display characters without going through the
OS font engine. In this way you could create a slightly secure app ( a
mail client for instance ) on an insecure system like windows. It would
still be easily attacked if it were specifically a target but would
probably be immune to any general purpose loggers in either the keyboard
path ( except on the kyb itself ) or the OS font engine.
If you think the OS font engine can be trusted then you can create an
app that given a handle feeds the keycodes to any standard application.
Obviously your keys and plaintext will be in memory so could be copied
by another thread that knew where to look.
More information about the cypherpunks-legacy
mailing list