From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OnzV1KbG7i-B for ; Wed, 30 Nov 2011 15:28:16 +0100 (CET)
Received: from mail-vw0-f50.google.com (mail-vw0-f50.google.com [209.85.212.50]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 30 Nov 2011 15:28:16 +0100 (CET)
Received: by vbbey12 with SMTP id ey12so440451vbb.37 for ; Wed, 30 Nov 2011 06:28:15 -0800 (PST)
MIME-Version: 1.0
In-Reply-To:
References: <20100412171540.GA3138@tansi.org> <20100412175856.GA12353@fancy-poultry.org> <20100413154850.GA19142@tansi.org> <20100413193831.GA8772@fancy-poultry.org> <4BC4CC14.6080408@redhat.com> <20100414153050.GA3966@tansi.org> <4BC60CB2.8030902@gmail.com> <20100414233054.GC9776@tansi.org> <20111004184809.GB3071@fancy-poultry.org>
Date: Wed, 30 Nov 2011 15:28:14 +0100
Message-ID:
From: Ma Begaj
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse?(virtual?keyboard)
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: dm-crypt@saout.de

2011/11/30 Ma Begaj :
> 2011/10/4 Heinz Diehl :
>> On 04.10.2011, Jan wrote:
>>
>>> You have a fully encrypted system on your USB stick like privatix
>>> (see http://www.mandalka.name/privatix/index.html.en ) and you are
>>> sitting in an internet cafe. There's a hardware keylogger installed
>>> on the PC you use. You lose your USB stick, maybe you even
>>> forget it in the internet cafe (this happens)!
>> [.....]
>>
>> Privacy on a machine outside of your control is a no-go.
>> There are by far more options to get access to your data if
>> somebody other than yourself has admin/root access to the machine
>> you're using. A simple script which does a copy of anything inserted
>> will do it. Or the admin himself logged in from another machine, and
>> many more...
>
>
> that is not true. two factor authorization solves this problem pretty easy.
>
> I am using barada on my machines for SSH and it is working pretty great.
> http://barada.sourceforge.net/

s/authorization/authentication/