Re: randomizing keyboard input

From: Larry Offley (lucullus@shaw.ca)
Date: Fri Sep 14 2007 - 21:29:08 EDT

• Next message: Bill Stout: "Re: Wiping Solaris Servers"
• Previous message: Cypher: "randomizing keyboard input"
• In reply to: Cypher: "randomizing keyboard input"
• Next in thread: Jerome Athias: "Re: randomizing keyboard input"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It might slow down non-hardware keyloggers. The thing is there is
software that can unrandomize simple letter exchanges. So if I capture a
few paragraphs of keystrokes it should be fairly easy (possible even by
hand) to determine the correct letter exchanges. Nice Idea but unless
you had hardware and software that worked together (like the smart cards
that change pins every sec minutes). What you need is keyboard that
encrypts the keystrokes and then software reversed it. Again the problem
is If i can run software on your system (ie a keylogger) I can probably
run anything I want.

Larry Offley
http://security.offley.ca

Cypher wrote:
> alo alo,
> a friend and i have been working on an idea. We want to create a
> framework the randomizes the keyboard input. heres the basics, we all
> know that the theres a keyboard layout, dumpkeys in linux will show you
> what there is, what were trying to do is take and make a random
> keylayout on boot, then find a way to decrypt this for an applications.
> basically, were trying to find a way past keyloggers. if a keylogger is
> logging what you type, but the keylayout is randomized from the keyboard
> to application, then the keylogger is no good. were trying to create a
> framework for this but are having some trouble coming up with some
> basics on how to remap the keylayout to say the device input of the
> keyboard to the output device like the application openoffice. if this
> could be accomplished then it would defeat the purpose if keyloggers
> since they depend on standard keyboard layouts to decode keyinputs. has
> anyone come across an appication or idea like this that would be of
> help? or even just some thoughts that would lead us in the right
> direction would be greatly appreciated. thank you all for your time.
>
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Bill Stout: "Re: Wiping Solaris Servers"
• Previous message: Cypher: "randomizing keyboard input"
• In reply to: Cypher: "randomizing keyboard input"
• Next in thread: Jerome Athias: "Re: randomizing keyboard input"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:07 EDT