Hardware For Protecting Your Passwords? 16
AstroBush asks: "I was reading this article which raised a very interesting question: Hardware keylogging devices now exist which can record all output of the keyboard regardless of operating system, permissions, or any software-based controls. How can I protect myself from having a co-worker (or student, thief, ex-wife, etc...) using one of these devices on my machine? Is there any keyboard available which encrypts output before it reaches the computer?"
Obvious solution (Score:1)
You might also want to consider using a slide-rule rather than a computer.
One time pad (Score:1)
Joe
of course not! (Score:1)
;-}
Silly (Score:1)
Re:Why bother? (Score:1)
You can't (Score:1)
I think the answer is, "you can't". The information is unencrypted at some point, and if your adversary has physical access to your computer they can get at it. The FBI has been known to install bugs within the keyboard itself [philly.com] to record keystrokes in cases where the target has encrypted the data on the computer.
Get real. (Score:1)
user your mouse (Score:1)
Why bother? (Score:1)
Re:Silly (Score:1)
They could never transmite!
Bwahahaha!
SecureID (Score:1)
The answer to this for security conscious organizations is SecureID. See http://www.rsasecurity.com/ [slashdot.org] for more info.
I think this question is actually serious.. (Score:2)
Anyway, the answer is no. If they can tamper with your hardware, you're throughly screwed.
Several suggestions (Score:2)
2. Don't use passwords; switch to public keys and store your private keys on a smart card or iButton (which someone else already mentioned).
darn browser (Score:2)
1. Use a One Time Password system.
Re:Why bother? (Score:2)
This is much harder to find than the KeyKatcher, which is an 8KB keyboard dongle about the size of two PS2 keyboard plugs back-to-back (longer and narrower than a quarter.) It has a KK logo on it which looks kind of like a fast forward or rewind icon. It's installed by plugging the keyboard into it, and plugging the other end of it into your PC. It's technically about within the installation limits of your typical boss.
I think all of the current technology keyboard memory dongles are physically very small and have quite stringent memory limits... 8KB and 32KB come to mind. If you have enabled your keyboard's typematic repeat (usually a BIOS setting, set the repeat rate to as fast as it'll go) you could probably blow a 32KB buffer by setting a book on your spacebar for an hour before typing your password. Of course, IANAS (I Am Not A Spook) so I don't know if they've got 512KB buffers or radio transceivers installed in your keyboard. So, if you get busted, I'm hereby officially disclaiming any liability.
John
No. (Score:4)
For any keyboard system to be encrypted, you would need both hardware and either firmware or software support for it. Given the power of the CPUs put into keyboards, I don't think you would find strong enough encryption to be useful. After all, with a keyboard it's dead simple for a perp to run a known-plaintext attack on the keyboard.
Consider a laptop that you keep in your possession at all times, or lock in a safe when not in use.
Physical security is all-important with keyboards.
(And I hope this wasn't the last of the April Fool's Jokes -- they got old real fast this year.)