From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mail.saout.de (Postfix) with ESMTP for ; Wed, 14 Apr 2010 20:43:03 +0200 (CEST) Received: by wwi18 with SMTP id 18so327741wwi.37 for ; Wed, 14 Apr 2010 11:43:02 -0700 (PDT) Message-ID: <4BC60CB2.8030902@gmail.com> Date: Wed, 14 Apr 2010 20:42:58 +0200 From: Olivier Sessink MIME-Version: 1.0 References: <20100412171540.GA3138@tansi.org> <20100412175856.GA12353@fancy-poultry.org> <20100413154850.GA19142@tansi.org> <20100413193831.GA8772@fancy-poultry.org> <4BC4CC14.6080408@redhat.com> <20100414153050.GA3966@tansi.org> In-Reply-To: <20100414153050.GA3966@tansi.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse (virtual keyboard) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Arno Wagner wrote: > Maybe tell us a bit more about your scenario? - the hardware is not under our control, - the users are only slightly security aware - a bootable USB stick is provided to the users, which has everything encrypted (except for /boot for obvious reasons) because the hardware is not under our control we won't get 100% security (I don't believe in 100% security anyway). So we try to avoid the most common threats (most of them cybercrime related). Software botnets, trojans etc. on the computer are defeated because we boot the hardware from our own image. I think most of our users are enough security aware that they should keep the USB stick secured (but I'm afraid not all of them, so modifications to /boot is an issue). But physical attacks like security camera's, keyloggers etc. are still possible. So we try to make them harder. I don't think our users are enough security aware to detect a hardware keylogger (they won't even notice that the usb plug is slightly larger than normal). That's why a virtual keyboard would make things harder. Olivier