Sealing wax & eKeyboard

[Thomas Shaddack]

> Geez!  You guys have the DUMBEST ideas ever!  For fuck's sake, go and
> RTFA! (For the dumb: READ THE FUCKING ARCHIVES!)

Behold your dogs of war for a moment more, please. :)

> Anything displayed on your screen is visible to the guy across the street
> with a TEMPEST detector unless you work in a Faraday cage.

So far, this is orders of magnitude more expensive than a keylogger. I am
not aware there is too high amount of the receiver units in use (nor I
suppose they are easy to operate by a non-specialist), so the number of
targets being threatened this way is much more limited than if some
software or comparably cheap hardware is used. For now, at least.

Then there is the shielding...

> Failing that a hidden pinhole camera, or an RF transmitter attached to
> your cable -- hell these are available for hobbist use right now:
> x10.com has small devices that you can use to broadcast video from one
> room to another.  Getting the same done for VGA, XVGA, etc. shouldn't
> be any harder.

Specified it as a threat. But this is what physical security is for.
Again, this brings the threat of being discovered. Also, a TSCM sweep can
reduce the risk.

> Using IR or RF is one of the stupidest things you could possibly
> do.  Think!  IR and RF are detectable from a distance!
>
> Ok, some IR auth is ok, provided it's in a sealed chamber and no photons
> leak out.  i.e. think of a two cylinders, sealed at the ends where the
> cables go, where one fits inside the other... sort of like fiber optic
> cables and connectors.  No leaks.

Use challenge-response. Immune against replay attack. With proper
algorithm, reasonably immune against cryptographic attack on intercepted
transactions. If it works over the Wild Wild Net, it should work over an
IR/RF connection as well.

> Direct contact's obviously fine, so long as your alleged attacker can't
> tap into it.

True. Again, physical security / tamperproofness issue.