From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <htd@fancy-poultry.org>
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.9])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Tue, 13 Apr 2010 21:38:31 +0200 (CEST)
Date: Tue, 13 Apr 2010 21:38:31 +0200
From: Heinz Diehl <htd@fancy-poultry.org>
Message-ID: <20100413193831.GA8772@fancy-poultry.org>
References: <t2g61722e191004120810q3b2a7a36q592cd1cf12790db@mail.gmail.com>
	<20100412171540.GA3138@tansi.org>
	<20100412175856.GA12353@fancy-poultry.org>
	<20100413154850.GA19142@tansi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20100413154850.GA19142@tansi.org>
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse (virtual
 keyboard)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 13.04.2010, Arno Wagner wrote: 

> If he has a hardware Keylogger on his system, somebody
> did physically manipulate his machine and all bets
> are off anyways.

Of course. 

So this boils down to the fact that a software keyboard is useless :-)
If somebody had physical access to the machine, there will be no
way to detect any backdoors, and if somebody had been able to install a
software keylogger, this person has already gained root access to the machine
and could simply have read the master key from memory or whatever, you
name it.