Arno Wagner wrote: > Maybe tell us a bit more about your scenario? - the hardware is not under our control, - the users are only slightly security aware - a bootable USB stick is provided to the users, which has everything encrypted (except for /boot for obvious reasons) because the hardware is not under our control we won't get 100% security (I don't believe in 100% security anyway). So we try to avoid the most common threats (most of them cybercrime related). Software botnets, trojans etc. on the computer are defeated because we boot the hardware from our own image. I think most of our users are enough security aware that they should keep the USB stick secured (but I'm afraid not all of them, so modifications to /boot is an issue). But physical attacks like security camera's, keyloggers etc. are still possible. So we try to make them harder. I don't think our users are enough security aware to detect a hardware keylogger (they won't even notice that the usb plug is slightly larger than normal). That's why a virtual keyboard would make things harder. Olivier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
