From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 13 Apr 2010 17:46:11 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 63D99212804A for ; Tue, 13 Apr 2010 17:46:11 +0200 (CEST) Date: Tue, 13 Apr 2010 17:48:50 +0200 From: Arno Wagner Message-ID: <20100413154850.GA19142@tansi.org> References: <20100412171540.GA3138@tansi.org> <20100412175856.GA12353@fancy-poultry.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100412175856.GA12353@fancy-poultry.org> Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse (virtual keyboard) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Mon, Apr 12, 2010 at 07:58:56PM +0200, Heinz Diehl wrote: > On 12.04.2010, Arno Wagner wrote: > > > However as a keylogger has to be root and root can read > > the encryption key from memory, it is pretty useless > > security-wise. > > Seems it's an hardware keylogger he meant.. If he has a hardware Keylogger on his system, somebody did physically manipulate his machine and all bets are off anyways. There may, e.g., now be a webcam in his ceiling, recording whatever is on his screen. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier