I quite like gpggrid's approach to defeating key loggers: http://tinfoilhat.shmoo.com/source/gpggrid.c [I'd like it more if it were done so I didn't have to hit 3 keys to enter 1 character.] Regarding timed passwords: I don't think this is the best way to approach defeating key loggers. You are relying on the key logger not storing information that is none the less still available to it. It might work for now, but what about the next generation of key loggers? Seems like it would be a very easy feature to add. On 8/30/07, Klaus-J. Wolf <yanestra@xxxxxxxxxx> wrote: > Hi, > > I have written a small tool which allows to enter timed passwords. Timed > passwords might be useful when a key logger is present (like the > Bundestrojaner recently discussed in Germany). AFAIK there are no key loggers > that are able to log the key timings. > > I've written that small piece of code for the curses library, which, after > all, might not be a perfect solution. (It's simply the easiest one.) > > It could be possible to link the code with cryptsetup-luks, or, it can be used > separately by a frontend script. > > I appears to work well, but requires some learning efforts. Only relative > timings are used, so you can still enter your passphrase even if can't use > all fingers. > > What do you think? > > Regards > k.j. > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
