Sealing wax & eKeyboard
Thomas Shaddack
shaddack at ns.arachne.cz
Wed Jul 16 08:27:51 PDT 2003
On Wed, 16 Jul 2003, Tyler Durden wrote:
> This reminds me of another thing that occurred to me, but as I'm no computer
> engineer I can't tell how much of a defense it would be. (At the very least
> a nice stopgap for a while...)
>
> To get around keystroke loggers, it would be nice to have some fom of
> onscreen keyboard, perhaps available over the web. The keyboard would likely
> work only with the mouse (making it slow to use, of course), and each time
> the keyboard appears (and at periodic intervals) the keyboard scrambles its
> keys.
Been done.
Something like that is included in Tinfoilhat Linux distribution, see
http://tinfoilhat.shmoo.com/
Another thing for keyboard-based data input is Sneaky Pete, a Java app
http://packetstorm.icx.fr/java/sneaky.tar.gz
(from http://packetstorm.icx.fr/java/indexdate.shtml - original project
homepage is dead).
And I suppose there are more.
However, this will work around the keyboard loggers, but will cause
development of eg. programs saving the screenshots at the moment of a
mouseclick. (Which is definitely more detectable - by storing bulk amounts
of data - than just a plain keylogger, disadvantaging the adversary
somehow.) Also won't protect against ceiling cams, if they'd have enough
resolution to see the screen clearly enough.
Couldn't there be some challenge-response device, eg. over IrDA or radio
waves or direct contact (eg, iButton DS1955B or DS1957B), which would be
unlocked by something like a PIN code? How to avoid the leakage of the PIN
and subsequent seizure of the device then?
> I suspect it would be MUCH harder to figure out what has been typed.
At least for a while, yes.
More information about the cypherpunks-legacy
mailing list