On Wed, Oct 05, 2011 at 09:37:01AM +0000, Jan wrote:
> Arno Wagner <arno@...> writes:
>
> > I really don't know. If it is just the spare-time project of the
> > Internet Cafe owner, you might be right. If it is the project
> > of the secret police, recording the video off the cable is
> > conceivable, although a bit more expensive than the about $80
> > for the hardware keylogger.
>
> Usually it should be a spare time project, since I choose the internet cafe
> at random and a video grabber costs about $170 (see http://www.keydemon.com/
> ). It would be nice to be protected against hardware keyloggers at least
> with the software I proposed. I know some C basics. In case I find some
> time, where could I get the mentioned linux knowledge?

A C on Linux tutorial should be enough then.

Minimal process:
1. Write C program with editor (of your choice, examples: joe, vi, emacs)
2. gcc -o <program> <sourcefile>.c

This is for a single source file. Should be enough.

For screen output, just do a complete screen rewrite line-wise
with the "poor man's terminal clear" (write 25 or 50 empty lines).

You can get C library help either from the GNU info pages
("info libc") or often from the commandline "man 3 <command>",
e.g. "man 3 printf". The "3" refers to section 3 of the manual,
which is the C library. You may have to install the C library
documentation package.

Attaching a command via its STDIN is a bit more tricky, but
can be done with "popen". An example is here:
http://stackoverflow.com/questions/70842/execute-program-from-within-a-c-program

As usual, Google is your friend, just add "linux" to the C query.

> Originally I wanted to find a way to use my GnuPG key in internet cafes
> safely. Since as you pointed out, even with the software I proposed,
> there is no "absolute" security. Here's my pragmatical solution:
>
> 0. Use privatix.
> 1. Protect against hardware keyloggers with the software I proposed to
>    defeat the "most common" threat.
> 2. Use TWO GnuPG keys with the following user-IDs:
>
>    "My Name
>    (very safe, your email reaches
>    me at my safe PC at home only)
>    <myaddress@xxxxxx>",
>
>    "My Name
>    (not completely safe, your email reaches
>    me in unsecure internet cafes and at home)
>    <myaddress@xxxxxx>"

Make sure the second one is clearly marked as not-that-secure,
as the sender has to choose which one to use.

> 3. Have two privatix USB sticks, one for at home, the other for internet
>    cafes etc. The first one never leaves my home.
>
> This way people who want to send me an encrypted email can decide for
> themselves which level of security their message needs. If they choose the
> second key at least internet providers cannot read the content of the email
> and send personalized advertisements etc.
>
> Another question:
> When I plug in my USB stick in an internet cafe, boot from it and have
> decrypted it, is there a hardware mechanism known to you that could
> automatically copy the DECRYPTED contents of my stick? I think that's unlikely
> since the decryption takes place in the OS, is that right?

Nothing standard. The best bet IMO would be to fake the boot
using a VM and then read the key from the VM's memory.
You are right that decryption is done in the PC, the data
that goes over USB is still encrypted.

I would say that besides the faked boot via VM, you do not
need to worry about it in your scenario. And to fight
the faked boot, do a full power cycle with wall socket
unplug, not just a reset. Presenting such a faked boot
takes some effort though.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
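
The popen() approach and the "poor man's terminal clear" mentioned in the message above, as an added example that is not part of the original post: a C helper that starts a command and writes a secret to its standard input. The names feed_stdin and clear_screen, the sample passphrase and the stand-in command `cat > /dev/null` are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Added illustration; feed_stdin() is a hypothetical helper name.
 * Runs `cmd` via /bin/sh and writes `len` bytes of `data` to its stdin.
 * Returns the command's exit status, or -1 on any failure.
 * popen() hands `cmd` to the shell, so pass only a fixed string here,
 * never text assembled from user input. */
int feed_stdin(const char *cmd, const char *data, size_t len)
{
    /* A child that exits early must not kill us with SIGPIPE. */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);
    int rc = -1;

    FILE *p = popen(cmd, "w");
    if (p != NULL) {
        /* Unbuffered: no copy of the secret lingers in a stdio buffer. */
        setvbuf(p, NULL, _IONBF, 0);
        size_t written = fwrite(data, 1, len, p);
        int status = pclose(p);          /* closes the pipe, then waits */
        if (written == len && status != -1 && WIFEXITED(status))
            rc = WEXITSTATUS(status);
    }
    signal(SIGPIPE, old);
    return rc;
}

/* "Poor man's terminal clear": push old output off the screen. */
void clear_screen(int lines)
{
    for (int i = 0; i < lines; i++)
        putchar('\n');
    fflush(stdout);
}

int main(void)
{
    char secret[] = "constructed-sample-passphrase\n";   /* constructed input */
    clear_screen(50);
    /* `cat > /dev/null` stands in for the real consumer of the secret. */
    int rc = feed_stdin("cat > /dev/null", secret, strlen(secret));
    memset(secret, 0, sizeof secret);   /* best-effort wipe; may be optimized away */
    printf("command exited with status %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Build it as described in the message: `gcc -o feed feed.c`.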