[dm-crypt] avoid keyloggers: enter password with mouse (virtual keyboard)

Jan takethebus at gmx.de
Tue Oct 4 17:02:55 CEST 2011


Arno Wagner <arno at ...> writes:
> 
> On Wed, Apr 14, 2010 at 08:42:58PM +0200, Olivier Sessink wrote:
> > Arno Wagner wrote:
[...]

> Well, while I do not really think the virtual keyboard will help
> to a larger degree, it may still raise security a bit. 

It raises security to the NECESSARY level in the following scenarios:

You have a fully encrypted system on your USB stick like privatix 
(see http://www.mandalka.name/privatix/index.html.en ) and you are 
sitting in an internet cafe. There's a hardware keylogger installed 
on that the PC you use. You lose your USB stick, maybe you even 
forget it in the internet cafe (this happens)! 

Or: 

You have a curious husband/roomate how knows you are using privatix to stay
private. He knows where you keep the USB stick. He installs a hardware keylogger
because to get access to your data. Jealous husbands are common. 

> In order to implement it, implement a virtual keyboard (e.g.
> using TK with Perl/Python) and have it give the passphrase
> to cryptsetup. Integrating a virtual keyboard into cryptsetup
> is really not the UNIX way and very bad software design, as it
> increases complexity significantly without need. The virtual 
> keyboard should be a separate tool.

[In some later answer to that thread someone said cryptsetup could even read
from stdin.]

Unfortunately I'm not able to implement this, because I'm just a windows user
how uses privatix for sake of security. Nevertheless I believe it is quite hard
to get a virtual keyboard running at boot time with mouse support and all. I
have a different proposal for the method to enter the password:

On the screen might appear a list of all letters etc. with a random number next
to it. This might look like this:

A 5   a 56
B 23  b 4
C 7   c 8
...

If the user wants to enter "B" for example, he would just type in 23. The random
numbers could be exchaned randomly after every letter that was "typed". This way
the hardware keylogger would get a bunch of numbers without any meaning. If all
letters don't fit on the srceen, onle could have something like

LOWERCASE 85

By entering the random number 85 one would arrive at the table with the
lowercase letters.

I think this could easyly be implemented in cryptsetup as an option to enter the
pasword. Unfortunately I'm not able to do that. Could the project perhaps set
that as one of it's goals?

I'm grateful for answers, 
Jan





More information about the dm-crypt mailing list