Sealing wax & eKeyboard

Wed Jul 16 11:52:28 PDT 2003

"Anything displayed on your screen is visible to the guy across the street
with a TEMPEST detector unless you work in a Faraday cage. "

No, no you have the whole thing wrong. As May recently stated, "crypto is 
economics". It's one thing for "them" to set up a camera to look at some 
Arab guy's computer down on Atlantic Ave in Brooklyn. It's an entirely 
different thing if, by using a virtual keyboard, "they" have to do the same 
thing for millions of people. (And in case it's not obvious, the cost 
probably won' be in the hardware but in the installation costs, and the fact 
that the probability of detection of such efforts is nonzero, thus 
nullifying their "investment".) If I have a plan to smash a plane into the 
Empire State building, I'll probably work harder to hide it. If I'm sharing 
mp3's on Kazaa or whatever and I don't want to have RIAA make an example out 
of me, that virtual keyboard may be just right.

The real danger of crypto and, I'd argue, a virtual keyboard in this case, 
is that by spending tiny fractions of money we can make it prohibitively 
costly for "them" to monitor a large number of transactions. Forget 
unbreakability. Forget Faraday cages (you don't have anything that important 
to hide anyway). Cheap, easy and scalable is the only way to bumrush this 
show.

-TD

>From: Sunder <sunder at sunder.net>
>To: Thomas Shaddack <shaddack at ns.arachne.cz>
>CC: Tyler Durden <camera_lumina at hotmail.com>, timcmay at got.net,   
>cypherpunks at minder.net
>Subject: Re: Sealing wax & eKeyboard
>Date: Wed, 16 Jul 2003 13:23:02 -0400 (edt)
>
>Geez!  You guys have the DUMBEST ideas ever!  For fuck's sake, go and
>RTFA! (For the dumb: READ THE FUCKING ARCHIVES!)
>
>Anything displayed on your screen is visible to the guy across the street
>with a TEMPEST detector unless you work in a Faraday cage.  Failing that a
>hidden pinhole camera, or an RF transmitter attached to your cable -- hell
>these are available for hobbist use right now: x10.com has small devices
>that you can use to broadcast video from one room to another.  Getting the
>same done for VGA, XVGA, etc. shouldn't be any harder.
>
>Using IR or RF is one of the stupidest things you could possibly
>do.  Think!  IR and RF are detectable from a distance!
>
>Ok, some IR auth is ok, provided it's in a sealed chamber and no photons
>leak out.  i.e. think of a two cylinders, sealed at the ends where the
>cables go, where one fits inside the other... sort of like fiber optic
>cables and connectors.  No leaks.
>
>Direct contact's obviously fine, so long as your alleged attacker can't
>tap into it.
>
>----------------------Kaos-Keraunos-Kybernetos---------------------------
>  + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
>   \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
><--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
>   /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.        \|/
>  + v + :           The look on Sadam's face - priceless!
>--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------
>
>On Wed, 16 Jul 2003, Thomas Shaddack wrote:
>
> > However, this will work around the keyboard loggers, but will cause
> > development of eg. programs saving the screenshots at the moment of a
> > mouseclick. (Which is definitely more detectable - by storing bulk 
>amounts
> > of data - than just a plain keylogger, disadvantaging the adversary
> > somehow.) Also won't protect against ceiling cams, if they'd have enough
> > resolution to see the screen clearly enough.
> >
> > Couldn't there be some challenge-response device, eg. over IrDA or radio
> > waves or direct contact (eg, iButton DS1955B or DS1957B), which would be
> > unlocked by something like a PIN code? How to avoid the leakage of the 
>PIN
> > and subsequent seizure of the device then?

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail