Date: Tue, 4 Oct 2011 20:28:00 +0200
From: Arno Wagner
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse?(virtual?keyboard)
Message-ID: <20111004182800.GA16389@tansi.org>

On Tue, Oct 04, 2011 at 03:02:55PM +0000, Jan wrote:
> Arno Wagner writes:
>
> >
> > On Wed, Apr 14, 2010 at 08:42:58PM +0200, Olivier Sessink wrote:
> > > Arno Wagner wrote:
> [...]
>
> > Well, while I do not really think the virtual keyboard will help
> > to a larger degree, it may still raise security a bit.
>
> It raises security to the NECESSARY level in the following scenarios:
>
> You have a fully encrypted system on your USB stick like privatix
> (see http://www.mandalka.name/privatix/index.html.en ) and you are
> sitting in an internet cafe. There's a hardware keylogger installed
> on the PC you use. You lose your USB stick, maybe you even
> forget it in the internet cafe (this happens)!
>
> Or:
>
> You have a curious husband/roommate who knows you are using privatix to stay
> private. He knows where you keep the USB stick. He installs a hardware keylogger
> to get access to your data. Jealous husbands are common.
>
> > In order to implement it, implement a virtual keyboard (e.g.
> > using TK with Perl/Python) and have it give the passphrase
> > to cryptsetup. Integrating a virtual keyboard into cryptsetup
> > is really not the UNIX way and very bad software design, as it
> > increases complexity significantly without need. The virtual
> > keyboard should be a separate tool.
>
> [In some later answer to that thread someone said cryptsetup could even read
> from stdin.]
>
> Unfortunately I'm not able to implement this, because I'm just a Windows user
> who uses privatix for sake of security. Nevertheless I believe it is quite hard
> to get a virtual keyboard running at boot time with mouse support and all. I
> have a different proposal for the method to enter the password:
>
> On the screen might appear a list of all letters etc. with a random number next
> to it. This might look like this:
>
> A    5         a    56
> B    23        b    4
> C    7         c    8
> ...
>
> If the user wants to enter "B" for example, he would just type in 23. The random
> numbers could be exchanged randomly after every letter that was "typed". This way
> the hardware keylogger would get a bunch of numbers without any meaning. If all
> letters don't fit on the screen, one could have something like
>
> LOWERCASE 85
>
> By entering the random number 85 one would arrive at the table with the
> lowercase letters.

This is a reasonable design. However it assumes a terminal of a
certain height (or at least a possibility to _query_ height). It
could leave users stuck, for example when all they have is two
lines or another small number. This could happen on appliances
with LCDs for example. So I would add a possibility to bypass
and enter the passphrase verbatim, to have a fallback.
As your UI takes only numbers and ENTER, say, the x-Key could be used
to get into passphrase mode.

> I think this could easily be implemented in cryptsetup as an option to enter the
> password. Unfortunately I'm not able to do that. Could the project perhaps set
> that as one of its goals?

And again, wrong approach from an architecture point of view.
This belongs in an external tool that could be connected
to cryptsetup via stdin or wrap the call.

Other than that, I think this would be a neat add-on, but not
a cryptsetup core project. Something like zuluCrypt (but easier
to do ;-)

Side note: We might think about adding a link-list for such
projects.

Side note 2: A virtual keyboard does not need a mouse. You
can use arrow-keys. You still need some terminal-interface,
like from ncurses.

Side note 3: All this only helps to a limited degree. A PC
with keylogger might just also have a video-grabber (or cheap
HD camera) pointed at the screen.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
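
The numbered-table entry scheme discussed in this thread, written as an external tool that hands the passphrase to cryptsetup on stdin, with the x-key fallback to verbatim entry. This is an added example, not code from the original message or from cryptsetup; the names new_table, show_table and read_passphrase, the three-digit code range, the empty-line terminator and the file name codepad.py are assumptions.

```python
import secrets
import string
import sys

ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

def new_table(alphabet=ALPHABET, rng=secrets.SystemRandom()):
    """Return {code: character} with fresh, unique three-digit codes."""
    codes = rng.sample(range(100, 1000), len(alphabet))
    return dict(zip(codes, alphabet))

def show_table(table, out=sys.stderr, per_row=8):
    """Print the table to stderr so stdout carries only the passphrase."""
    cells = [f"{ch!r} {code}" for code, ch in sorted(table.items(), key=lambda kv: kv[1])]
    for i in range(0, len(cells), per_row):
        print("   ".join(cells[i:i + per_row]), file=out)
    print("code+ENTER per character, empty line = done, x = verbatim entry", file=out)

def read_passphrase(read_line, show=show_table, rng=secrets.SystemRandom()):
    """Build the passphrase from typed codes, redrawing the table every time.

    A hardware keylogger records only digits that mean nothing without the
    screen; it still learns the passphrase length (the number of entries).
    """
    chars = []
    while True:
        table = new_table(rng=rng)      # new random assignment per character
        show(table)
        entry = read_line().strip()
        if entry == "":                 # empty line or EOF: finished
            return "".join(chars)
        if entry.lower() == "x":        # fallback for displays too small for the
            # table; this line IS typed verbatim, so a keylogger records it
            return read_line().rstrip("\r\n")
        if len(entry) == 3 and entry.isdecimal() and int(entry) in table:
            chars.append(table[int(entry)])
        # anything else is ignored; the loop redraws and asks again

if __name__ == "__main__":
    # Assumed usage: python3 codepad.py | cryptsetup luksOpen <device> <name>
    sys.stdout.write(read_passphrase(sys.stdin.readline))
```
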