From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from op7.codingninjas.org (op7.codingninjas.org [209.222.52.116])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.saout.de (Postfix) with ESMTPS
	for ; Thu, 15 Apr 2010 09:51:02 +0200 (CEST)
Received: from sschai.localnet (69-196-138-36.dsl.teksavvy.com [69.196.138.36])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by op7.codingninjas.org (Postfix) with ESMTPSA id C02754E24A4
	for ; Thu, 15 Apr 2010 03:51:00 -0400 (EDT)
From: test532@codingninjas.org
Date: Thu, 15 Apr 2010 03:50:56 -0400
References: <4BC60CB2.8030902@gmail.com> <20100414233054.GC9776@tansi.org>
In-Reply-To: <20100414233054.GC9776@tansi.org>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201004150350.57460.test532@codingninjas.org>
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse (virtual keyboard)
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: dm-crypt@saout.de

It's good to see that you have come to your senses, Arno.

> On Wed, Apr 14, 2010 at 08:42:58PM +0200, Olivier Sessink wrote:
> > Arno Wagner wrote:
> > > Maybe tell us a bit more about your scenario?
> >
> > - the hardware is not under our control,
>
> Ok, I see your problem.
>
> > - the users are only slightly security aware
> > - a bootable USB stick is provided to the users, which has everything
> > encrypted (except for /boot for obvious reasons)
>
> Ok, so basically open, but it takes a bit of effort to
> get it open, namely to capture the passphrase.
>
> > because the hardware is not under our control we won't get 100% security
> > (I don't believe in 100% security anyway). So we try to avoid the most
> > common threats (most of them cybercrime related). Software botnets,
> > trojans etc. on the computer are defeated because we boot the hardware
> > from our own image. I think most of our users are enough security aware
> > that they should keep the USB stick secured (but I'm afraid not all of
> > them, so modifications to /boot are an issue).
>
> And a modified /boot will basically result in a broken system.
>
> > But physical attacks like security cameras, keyloggers etc. are still
> > possible. So we try to make them harder. I don't think our users are
> > enough security aware to detect a hardware keylogger (they won't even
> > notice that the usb plug is slightly larger than normal). That's why a
> > virtual keyboard would make things harder.
>
> Well, while I do not really think the virtual keyboard will help
> to a larger degree, it may still raise security a bit.
>
> In order to implement it, implement a virtual keyboard (e.g.
> using TK with Perl/Python) and have it give the passphrase
> to cryptsetup. Integrating a virtual keyboard into cryptsetup
> is really not the UNIX way and very bad software design, as it
> increases complexity significantly without need. The virtual
> keyboard should be a separate tool.
>
> What I do not see in the current cryptsetup though, is an
> option to read the passphrase from stdin, file or named pipe.
> That would be a reasonable extension IMO.
>
> Arno
>
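The separate-tool design Arno sketches above, as an added example that is not code from this thread or from cryptsetup: a small Tk virtual keyboard in Python that assembles the passphrase from mouse clicks and hands it to cryptsetup over a pipe rather than through argv or a file. It assumes a cryptsetup that accepts `--key-file -` to read the key from stdin (modern releases do; the thread notes the 2010 version had no such option), takes the device and mapping name from the command line, and goes a step beyond the text by shuffling the on-screen key order each session so a camera cannot map click positions to characters with a known layout.

```python
import random
import string
import subprocess
import sys

# Assumption (not from the thread): this cryptsetup accepts "--key-file -",
# which makes it read the key from stdin, so the secret never appears on argv.
CRYPTSETUP = ["cryptsetup", "luksOpen", "--key-file", "-"]

def open_volume(passphrase, device, name, runner=subprocess.run):
    """Pipe the clicked-in passphrase to cryptsetup; returns its exit status.
    stdin, not argv or a temp file: invisible in `ps`, never on disk. With
    --key-file the bytes are taken verbatim, so no newline is appended.
    `runner` is injectable so the pipe logic can be tested without root."""
    result = runner(CRYPTSETUP + [device, name], input=passphrase.encode("utf-8"), check=False)
    return result.returncode

def shuffled_layout(chars=string.ascii_letters + string.digits + string.punctuation,
                    rng=random.SystemRandom()):
    """Per-session random key order, so a camera watching the screen cannot
    map click positions back to characters using a known fixed layout."""
    keys = list(chars)
    rng.shuffle(keys)
    return keys

def run_virtual_keyboard(device, name):
    """Tk window whose on-screen keys assemble the passphrase from mouse clicks;
    nothing is typed, so a hardware keylogger on the USB port sees nothing."""
    import tkinter as tk  # imported lazily: only needed when a display exists
    root = tk.Tk()
    root.title("Enter passphrase")
    typed, status = [], {"rc": 1}
    shown = tk.StringVar(value="")
    tk.Label(root, textvariable=shown, font=("monospace", 14)).grid(row=0, column=0, columnspan=12)
    def press(ch):
        typed.append(ch)
        shown.set("*" * len(typed))  # masked echo: the screen may be on camera too
    def submit():
        status["rc"] = open_volume("".join(typed), device, name)
        root.destroy()
    for i, ch in enumerate(shuffled_layout()):
        tk.Button(root, text=ch, width=3, command=lambda c=ch: press(c)).grid(row=1 + i // 12, column=i % 12)
    tk.Button(root, text="Unlock", command=submit).grid(row=10, column=0, columnspan=6)
    tk.Button(root, text="Clear", command=lambda: (typed.clear(), shown.set(""))).grid(row=10, column=6, columnspan=6)
    root.mainloop()
    return status["rc"]

if __name__ == "__main__":
    sys.exit(run_virtual_keyboard(sys.argv[1], sys.argv[2]))
```

Run as root with the LUKS device and mapping name as arguments, e.g. `python3 vkbd.py /dev/sdb2 usbroot`; the GUI itself is not exercised by the pipe logic, which can be checked with an injected runner.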