[dm-crypt] avoid keyloggers: enter password with mouse?(virtual?keyboard)

Jan takethebus at gmx.de
Wed Oct 5 11:37:01 CEST 2011


Arno Wagner <arno at ...> writes:

> I really don't know. If it is just the spare-time project of the
> Internet Cafee owner, you might be right. If it is the project
> of the secret police, recording the video off the cable is 
> conveivable, although a bit more expensive than the about $80
> for the hardware keylogger.

Usually it sould be a spare time project, since I choose the internet cafe at
random and video grabber cost about $170 (see http://www.keydemon.com/ ). It
would be nice to be protected against hardware keyloggers at least with the
software I proposed. I know some C basics. In case I find some time, where could
I get the mentioned linux knowledge?

Originally I wanted to find a way to use my GnuPG key in internet cafes savely.
Since as you pointed out, even with the software I proposed, there is no
"absolute" security. Here's my pragmatical solution:

0. Use privatix.
1. Protect against hardware keyloggers with the software I proposed to defeat
the "most common" thread.
2. Use TWO GnuPG keys with the following user-IDs:
   
   "My Name 
   (very safe, your email reaches 
    me at my save PC at home only) 
   <myaddress at gmx.de>",
   
   "My Name 
   (not completely safe, your email reaches 
    me in unsecure internet cafes and at home) 
   <myaddress at gmx.de>"

3. Have two privatix USB sticks, one for at home, the other for internet cafes
etc. The first one never leaves my home.

This way people who want to send me an encrypted email can decide for hemselves
which level of security their message needs. If they chose the second key at
east internet providers cannot read the content of the email and send
personalized advertisments etc. 

Another question:
When I plug in my USB stick in an internet cafe, boot from it and have
decrcypted it, is there a hardware mechanism known to you that could
automatically copy the DECRYPTED contents of my stick? I think that's unlikely
since the decryption takes place in the OS, ist that right?








More information about the dm-crypt mailing list