Penetration Testing mailing list archives
Re: randomizing keyboard input
From: Larry Offley <lucullus () shaw ca>
Date: Fri, 14 Sep 2007 18:29:08 -0700
It might slow down non-hardware keyloggers. The thing is there is software that can unrandomize simple letter exchanges. So if I capture a few paragraphs of keystrokes it should be fairly easy (possible even by hand) to determine the correct letter exchanges. Nice Idea but unless you had hardware and software that worked together (like the smart cards that change pins every sec minutes). What you need is keyboard that encrypts the keystrokes and then software reversed it. Again the problem is If i can run software on your system (ie a keylogger) I can probably run anything I want.
Larry Offley http://security.offley.ca Cypher wrote:
alo alo, a friend and i have been working on an idea. We want to create a framework the randomizes the keyboard input. heres the basics, we all know that the theres a keyboard layout, dumpkeys in linux will show you what there is, what were trying to do is take and make a random keylayout on boot, then find a way to decrypt this for an applications. basically, were trying to find a way past keyloggers. if a keylogger is logging what you type, but the keylayout is randomized from the keyboard to application, then the keylogger is no good. were trying to create a framework for this but are having some trouble coming up with some basics on how to remap the keylayout to say the device input of the keyboard to the output device like the application openoffice. if this could be accomplished then it would defeat the purpose if keyloggers since they depend on standard keyboard layouts to decode keyinputs. has anyone come across an appication or idea like this that would be of help? or even just some thoughts that would lead us in the right direction would be greatly appreciated. thank you all for your time.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- randomizing keyboard input Cypher (Sep 14)
- Re: randomizing keyboard input Larry Offley (Sep 14)
- Re: randomizing keyboard input Jerome Athias (Sep 15)
- <Possible follow-ups>
- Re: randomizing keyboard input timisw (Sep 15)