From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <rdzidlic@googlemail.com>
Received: from mail-bw0-f217.google.com (mail-bw0-f217.google.com
	[209.85.218.217]) by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Mon, 12 Apr 2010 19:49:29 +0200 (CEST)
Received: by bwz9 with SMTP id 9so4855608bwz.29
	for <dm-crypt@saout.de>; Mon, 12 Apr 2010 10:49:29 -0700 (PDT)
Sender: Richard Zidlicky <rdzidlic@googlemail.com>
Date: Mon, 12 Apr 2010 19:51:50 +0200
From: Richard Zidlicky <rz@linux-m68k.org>
Message-ID: <20100412175150.GA15644@linux-m68k.org>
References: <t2g61722e191004120810q3b2a7a36q592cd1cf12790db@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <t2g61722e191004120810q3b2a7a36q592cd1cf12790db@mail.gmail.com>
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse	(virtual
	keyboard)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Olivier Sessink <oliviersessink@gmail.com>
Cc: dm-crypt@saout.de

On Mon, Apr 12, 2010 at 05:10:13PM +0200, Olivier Sessink wrote:
> Hi all,
> 
> several disk encryption products feature a virtual keyboard, so users
> can use the mouse to enter the password which makes keyloggers
> useless. 

it does not make keyloggers useless, only requires slightly different manipulation
to the system.

You get the best safety if you have encrypted root and swap and boot off
a CD which contains your kernel and ramdisk. There is no keylogger unless
you did burn it on the CD.

Guaranteeing the integrity of the boot media is extremely important and
afaics only physical security of the media helps here.

Richard