Sealing wax & eKeyboard

Tyler Durden camera_lumina at hotmail.com
Wed Jul 16 18:38:22 PDT 2003


I don't think a virtual keyboard is necessarily a bad idea in this case. I 
live in a densely populated neighborhood in NYC. Someone is ALWAYS in my 
home, and in the rare cases nobody's here we turn on our alarm. This does 
not mean some visual surveillance of my keyboard is impossible, but it 
greatly reduces the number of parties with the desire and resources to 
attempt such a surveillance. And the reason this matters is because I can 
download such a virtual keyboard for pennies (thus causing the need for VERY 
costly forms of surveillance by nullifying keystroke loggers), and cause the 
cost of surveillance to rise probably far more than exponentially. This is a 
good thing (from my point of view!) in and of itself, but imagine if a large 
number of people thought this way, encrypting even the most trivial of 
communications.

-TD



>From: Sunder <sunder at sunder.net>
>To: Tyler Durden <camera_lumina at hotmail.com>
>CC: shaddack at ns.arachne.cz, timcmay at got.net, cypherpunks at minder.net
>Subject: Re: Sealing wax & eKeyboard
>Date: Wed, 16 Jul 2003 15:01:22 -0400 (edt)
>
>
>On Wed, 16 Jul 2003, Tyler Durden wrote:
>
> > "Anything displayed on your screen is visible to the guy across the street
> > with a TEMPEST detector unless you work in a Faraday cage. "
> >
> > No, no you have the whole thing wrong. As May recently stated, "crypto is
> > economics".
>
>Well, ok, it "all depends on your security model" is certainly the 1st
>factor to consider with how much you're willing to spend on it being a
>constraint to that.
>
>If your threat model is simply to have generic good security in case
>someone steals your machine, then so long as all your files are encrypted,
>the thief just gets whatever the hardware is worth at "it fell off a
>truck" prices, and no more.
>
>If your threat model is the fully armed and armored ninja attack at
>3:00am -- which was what I gathered was what Sampo's originally presented
>question, then you can assume your attacker would have enough resources to
>pull off a TEMPEST van across the street, etc.
>
>So do you want crypto to keep a rogue government out of your files, or
>keep your kid sister from reading your email? etc...
>
>An on screen virtual keyboard is much easier to see than a real keyboard
>even by a shitty pinhole camera.  A real keyboard would have to be viewed
>from above, otherwise, all you can do is infer the keystrokes - which
>gives you a hint of what they are for a passphrase, but not much else.
>On screen keyboard can be seen much easier and your mouse pointer gives
>you away.
>
>So it all depends on who "they" is.  Either way, if "they" believe you are
>a nice juicy target, and their chances to net lots of data off your machine
>are high, they will park the TEMPEST SUV outside your door.  Not much
>question of that...
>
>If "they" are watching everyone for patterns and you don't stick out like
>a sore thumb, there's not much need for any of the above.
>
> > Empire State building, I'll probably work harder to hide it. If I'm sharing
> > mp3's on Kazaa or whatever and I don't want to have RIAA make an example out
> > of me, that virtual keyboard may be just right.
>
>No, virtual keyboard won't save your ass.  Your ISP will hand it over on a
>plate along with trimmings (traffic logs, etc.)  If you're sharing MP3's
>on Kazaa, you're easy to find, and logs are proof enough.  All the RIAA
>troll has to do is download one song off your IP, prove it came from
>your IP, and get the ISP to give them logs, and you're toast.  Doesn't
>matter that your hard drive has since been wiped or encrypted or is
>unreadable.
>
>Using crypto to protect files you have already shared with the public is
>neurotic as a security measure.
>
> > The real danger of crypto and, I'd argue, a virtual keyboard in this case,
> > is that by spending tiny fractions of money we can make it prohibitively
> > costly for "them" to monitor a large number of transactions.
>
>And if you do and are noticed, "they" will spend that money because you
>will be an obvious and clear target.  If they can get away with "why don't
>you just show us what you have - what do you have something to hide?" line
>to cow sheeple into giving them access, in their mind, you'd be the one to
>make their careers.
>
> > Forget
> > unbreakability. Forget Faraday cages (you don't have anything that important
> > to hide anyway). Cheap, easy and scalable is the only way to bumrush this
> > show.
>
>Again, what's your threat model, who is your attacker, how much are you
>willing to spend on it?
>
>
>----------------------Kaos-Keraunos-Kybernetos---------------------------
>  + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
>   \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
><--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
>   /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.        \|/
>  + v + :           The look on Sadam's face - priceless!
>--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------
>
>
>






More information about the cypherpunks-legacy mailing list