On 04/13/2010 09:38 PM, Heinz Diehl wrote: > On 13.04.2010, Arno Wagner wrote: > >> If he has a hardware Keylogger on his system, somebody >> did physically manipulate his machine and all bets >> are off anyways. > > Of course. > > So this boils down to the fact that a software keyboard is useless :-) > If somebody had physical access to the machine, there will be no > way to detect any backdoors, and if somebody had been able to install a > software keylogger, this person has already gained root access to the machine > and could simply have read the master key from memory or whatever, you > name it. I just remember schoolbook example with "software keyboard" where such keyboard was used to enter PIN using mouse. Instead of sending the key scan code back to hidden logger program, it simply send rectangular areas on screen (screenshot) centered to mouse clicks... So attacker can easily read pin code from these few-bytes small pictures of visual keyboard:-) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
