[dm-crypt] avoid keyloggers: enter password with mouse?(virtual?keyboard)

Arno Wagner arno at wagner.name
Tue Oct 4 20:28:00 CEST 2011

On Tue, Oct 04, 2011 at 03:02:55PM +0000, Jan wrote:
> Arno Wagner <arno at ...> writes:
> > 
> > On Wed, Apr 14, 2010 at 08:42:58PM +0200, Olivier Sessink wrote:
> > > Arno Wagner wrote:
> [...]
> > Well, while I do not really think the virtual keyboard will help
> > to a larger degree, it may still raise security a bit. 
> It raises security to the NECESSARY level in the following scenarios:
> You have a fully encrypted system on your USB stick like privatix 
> (see http://www.mandalka.name/privatix/index.html.en ) and you are 
> sitting in an internet cafe. There's a hardware keylogger installed 
> on that the PC you use. You lose your USB stick, maybe you even 
> forget it in the internet cafe (this happens)! 
> Or: 
> You have a curious husband/roomate how knows you are using privatix to stay
> private. He knows where you keep the USB stick. He installs a hardware keylogger
> because to get access to your data. Jealous husbands are common. 
> > In order to implement it, implement a virtual keyboard (e.g.
> > using TK with Perl/Python) and have it give the passphrase
> > to cryptsetup. Integrating a virtual keyboard into cryptsetup
> > is really not the UNIX way and very bad software design, as it
> > increases complexity significantly without need. The virtual 
> > keyboard should be a separate tool.
> [In some later answer to that thread someone said cryptsetup could even read
> from stdin.]
> Unfortunately I'm not able to implement this, because I'm just a windows user
> how uses privatix for sake of security. Nevertheless I believe it is quite hard
> to get a virtual keyboard running at boot time with mouse support and all. I
> have a different proposal for the method to enter the password:
> On the screen might appear a list of all letters etc. with a random number next
> to it. This might look like this:
> A 5   a 56
> B 23  b 4
> C 7   c 8
> ...
> If the user wants to enter "B" for example, he would just type in 23. The random
> numbers could be exchaned randomly after every letter that was "typed". This way
> the hardware keylogger would get a bunch of numbers without any meaning. If all
> letters don't fit on the srceen, onle could have something like
> By entering the random number 85 one would arrive at the table with the
> lowercase letters.

This is a reasonable design design. However it assumes a terminal
of a certain height (or at least a possibility to _query_ height).
It could leave users stuck, for example when all they have is
two lines or another small number. This could happen on appliances
with LCDs for example.

So I would add a possibility to bypass and enter the passphrase 
verbatim, to have a fallback. As your UI takes only
numbers and ENTER, say, the x-Key could be used to get
into passphrase mode.
> I think this could easyly be implemented in cryptsetup as an option to enter the
> pasword. Unfortunately I'm not able to do that. Could the project perhaps set
> that as one of it's goals?

And again, wrong approach from an architecture point of view. 
This belongs into an external tool, that could be connected to 
cryptsetup via stdin or wrap the call.

Other than that, I think this would be a neat add-on, but not a
cryptsetup core project. Something like zuluCrypt (but easier
to do ;-)

Side note: We might think about adding a link-list for
such projects.

Side note 2: A virtual keyboard does not need a mouse. You can use 
arrow-keys. You still need some terminal-interface, like from

Side note 3: All this only helps to a limited degree. A PC 
with keylogger might just also have a video-grabber (or 
cheap HD camera) pointed at the screen.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list