Re: [dm-crypt] avoid keyloggers: enter password with mouse?(virtual?keyboard)

[Arno Wagner <arno@wagner.name>]

On Tue, Oct 04, 2011 at 09:42:45PM +0000, Jan wrote:
> Arno Wagner <arno@...> writes:
> 
> > On Tue, Oct 04, 2011 at 03:02:55PM +0000, Jan wrote:
> > > Arno Wagner <arno@...> writes:
> > Other than that, I think this would be a neat add-on, but not a
> > cryptsetup core project. Something like zuluCrypt (but easier
> > to do)
> > 
> > Side note: We might think about adding a link-list for
> > such projects.
> 
> Whom could I encourage to realize such a project?
>
> > Side note 3: All this only helps to a limited degree. A PC 
> > with keylogger might just also have a video-grabber (or 
> > cheap HD camera) pointed at the screen.
> 
> Heinz Diehl <htd@...> writes:
> 
> > Privacy on a machine outside of your control is a no-go.
> > There are by far more options to get access to your data if
> > somebody other than yourself has admin/root access to the machine
> > you're using. A simple script which does a copy of anything inserted
> > will do it. Or the admin himself logged in from another machine, and
> > many more...
> 
> Tools like privatix (see http://www.mandalka.name/privatix/index.html.en )
> are designed for MOBILE use to make internet cafes a SAFER place. This 
> does not mean such systems offer perfect security. 

Well, yes. The question is whether an internet Cafe installing
a hardware keylogger will not do some extra things that render
privatix security entirely compromised. A software keylogger is
alredy defeated by the clean boot, going to the extra trouble
to install a hardware keylogger requires some (small) real 
commitment from the attacker.

> Booting your own OS safes you from "software attacks" like the ones 
> Heinz Diehl mentioned (is this right?). Thus the "only" remaining thread 
> comes from the hardware side. It seems to me the most COMMON thread there 
> are hardware keyloggers. I thinks hardware based video-grabbers are not 
> that common (what do you think?). They need a lot of disk space, don't they? 
> In my scenario the attacker would need a hardware video-grabbers AND a 
> hardware keylogger, I think this should be unlikely in common internet cafes, 
> while a keyloger alone is likely. 

Well, I agree that it is more effort. But going though the output
from a keylogger already is significant effort.
 
> HD camera pointed at the screen don't seem such a threat to me since in
> internet cafes you can often turn the screen or move your body close to
> it, so its content is hard to see for others.
> 
> My point is I want to be protected agains the likely threads, not the
> unlikely.  If I have very very sensitive data, I agree, that using an
> internet cafe is no good.

I really don't know. If it is just the spare-time project of the
Internet Cafee owner, you might be right. If it is the project
of the secret police, recording the video off the cable is 
conveivable, although a bit more expensive than the about $80
for the hardware keylogger.

> Originally I was looking for a rather safe way to use my gnuPG-key in 
> internet cafes or foreign computers.

And yes, it is safer. It is still not very safe.

As to who could do it, no idea. It is not very hard to do,
but requires some Linux knowledge. It should possibly also be 
done in C to be usable early during boot and in an initrd.

Personally, I could do it, but I have other projects, sorry.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier