A weak defense against keyboard logging...

Mike Field mafield at the.net.nz
Wed Dec 20 15:33:32 PST 2000


After reading your email on cryptome.org....

A couple of weak defences against keyboard logging of passwords. Both
are useful to allow you to keep your password hidden from a keyboard
sniffer or a 'patched' telnet program.

'One key' password entry.
----------------------
The program displays the letters of the alphabet and slowly
cycles which letter the cursor is under... 

You push the spacebar to stop the cursor, and then if you don't push the
spacebar again within two seconds it accepts it as part of the password. 

All a keyboard logger sees is a few space presses. This could be
implemented at the remote end of a telnet session (well, an ssh
session...)

If the order of letters or the cursor moves was randomised the keypress
timing would contain no information about the password.

This gets round the employer problem unless the employer is watching
your screen. The password feedback is visual.

Mouse password entry
--------------------
You could use your mouse to hunt and peck the desired letters on a
keyboard. Once a letter is chosen the cursor should jump to a random
location on the display to foil 'mouse sniffing'

Cheers

Mike Field
mafield at the.net.nz
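
Added illustration, not part of the original message: a small Python simulation of the 'one key' scheme showing why the randomisation matters. With a fixed a..z sweep the spacebar timing alone gives the password back, while a fresh on-screen order per character reduces a timing guess to chance. The dwell time, reaction window, seed and sample password are assumptions made up for the example, and the two-second confirm step is not modelled.

```python
import random
import string

ALPHABET = string.ascii_lowercase
DWELL = 0.5  # assumed seconds the cursor rests under each letter

def space_delays(password, randomise, rng):
    """Delay from the start of each sweep to the space press, per character.

    This is all a keyboard logger records: when the spacebar went down.
    """
    delays = []
    for ch in password:
        order = list(ALPHABET)
        if randomise:
            rng.shuffle(order)              # fresh on-screen order, never typed
        position = order.index(ch)          # cursor steps needed to reach ch
        reaction = rng.uniform(0.05, 0.45)  # press lands while cursor is on ch
        delays.append(position * DWELL + reaction)
    return delays

def logger_guess(delays):
    """What a logger infers if it assumes an a..z sweep starting at 'a'."""
    return "".join(ALPHABET[int(d // DWELL)] for d in delays)

def hit_rate(password, randomise, trials, rng):
    """Fraction of characters the logger's timing guess gets right."""
    hits = 0
    for _ in range(trials):
        guess = logger_guess(space_delays(password, randomise, rng))
        hits += sum(g == p for g, p in zip(guess, password))
    return hits / (trials * len(password))

if __name__ == "__main__":
    rng = random.Random(2000)   # constructed seed for repeatability
    secret = "cypherpunk"       # constructed sample password
    print("fixed order :", hit_rate(secret, False, 200, rng))
    print("randomised  :", hit_rate(secret, True, 200, rng))
```

The randomised hit rate hovers around 1/26, which is what guessing without any timing data would give.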




