From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Tue, 13 Apr 2010 21:55:03 +0200 (CEST)
Received: from int-mx02.intmail.prod.int.phx2.redhat.com
	(int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o3DJt2mk006546
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <dm-crypt@saout.de>; Tue, 13 Apr 2010 15:55:02 -0400
Received: from [10.36.11.246] (vpn2-11-246.ams2.redhat.com [10.36.11.246])
	by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id o3DJt0E1016979
	for <dm-crypt@saout.de>; Tue, 13 Apr 2010 15:55:01 -0400
Message-ID: <4BC4CC14.6080408@redhat.com>
Date: Tue, 13 Apr 2010 21:55:00 +0200
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <t2g61722e191004120810q3b2a7a36q592cd1cf12790db@mail.gmail.com>	<20100412171540.GA3138@tansi.org>	<20100412175856.GA12353@fancy-poultry.org>	<20100413154850.GA19142@tansi.org>
	<20100413193831.GA8772@fancy-poultry.org>
In-Reply-To: <20100413193831.GA8772@fancy-poultry.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] avoid keyloggers: enter password with mouse (virtual
 keyboard)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 04/13/2010 09:38 PM, Heinz Diehl wrote:
> On 13.04.2010, Arno Wagner wrote: 
> 
>> If he has a hardware Keylogger on his system, somebody
>> did physically manipulate his machine and all bets
>> are off anyways.
> 
> Of course. 
> 
> So this boils down to the fact that a software keyboard is useless :-)
> If somebody had physical access to the machine, there will be no
> way to detect any backdoors, and if somebody had been able to install a
> software keylogger, this person has already gained root access to the machine
> and could simply have read the master key from memory or whatever, you
> name it.

I just remember schoolbook example with "software keyboard" where 
such keyboard was used to enter PIN using mouse.

Instead of sending the key scan code back to hidden logger program,
it simply send rectangular areas on screen (screenshot) centered to
mouse clicks...
So attacker can easily read pin code from these few-bytes small pictures
of visual keyboard:-)

Milan