«

Hi all

I have some data and programmes on a USB flash memory device and this
is encrypted on the device. Is there anyway of preventing a keyboard
logger from seeing the password that I am typing to open up the
encrypted data on the USB device. I use this device on various
computers not under my control.

Many thanks
--
To reply, take NOSPAM out of my email address.

wrote:
> Is there anyway of preventing a keyboard
> logger from seeing the password that I am typing to open up the
> encrypted data on the USB device. I use this device on various
> computers not under my control.

Yup, don't use it on computers you do not control or only use it on
computers you control or only use it on your own computer which I assume
you trust.

On Mon, 24 Oct 2005 18:38:39 +1300,
wrote:

>I have some data and programmes on a USB flash memory device and this
>is encrypted on the device. Is there anyway of preventing a keyboard
>logger from seeing the password that I am typing to open up the
>encrypted data on the USB device. I use this device on various
>computers not under my control.

No. Not realy.

But if your data is that sensitive, you could buy a USB device
that requires both a fingerprint scan (on the same device!) and a
password to open.

--
Kind regards,
Gerard Bok

On Mon, 24 Oct 2005 18:38:39 +1300, wrote:

>Hi all
>
>I have some data and programmes on a USB flash memory device and this
>is encrypted on the device. Is there anyway of preventing a keyboard
>logger from seeing the password that I am typing to open up the
>encrypted data on the USB device. I use this device on various
>computers not under my control.
>
>Many thanks

How about using a key disk?

Blowfish Advanced CS can make use of a floppy disk that contains your
key, and this would get around having to manually type in a password.
It may even be possible to store this key on another USB device.

Other than that, perhaps consider changing your password each time you
use the USB device on anything but your own machine.

http://www.hotpixel.net/software.html

Regards,



--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk

wrote in news:cqsol11qeh4j1q6a9lnr3j2celjk2ovjq5
@4ax.com:

> Hi all
>
> I have some data and programmes on a USB flash memory device and this
> is encrypted on the device. Is there anyway of preventing a keyboard
> logger from seeing the password that I am typing to open up the
> encrypted data on the USB device. I use this device on various
> computers not under my control.
>
> Many thanks




It's very much like the affordablity of yachts: if you have to ask...

If you are worried about what a keylogger might do, then you obviously do
not have continuous control and custody of your computer. Without physical
security you are lost - (almost) nothing can compensate against a
sufficiently skilled adversary. Even limited or inept adversaries can do
much to compromise your security if they have physical access to the
machine and environs.

Hardware keyloggers must be detected physically by inspection. That means,
inter alia, opening your keyboard and looking. Do you know what to look
for? Or video or audio surveillance could have been put in place. Do you
know how to check?

Software keyloggers are much easier, but not necessarily trivial. The
surest protection against them is full OTFE HD encryption. The alternative
of looking for them after the fact is a much inferior method.

Regards,

PS There are a number of makeshifts that can be used such as applying
tamper-indicating seals to the keyboard and computer case. Sadly, these
asre insufficient to stop even a moderately-skilled opponent (see, for
instance, the Los Alamos studies re tamper indication devices).

nemo_outis wrote:
> wrote in news:cqsol11qeh4j1q6a9lnr3j2celjk2ovjq5
> @4ax.com:
>
>
>>Hi all
>>
>>I have some data and programmes on a USB flash memory device and this
>>is encrypted on the device. Is there anyway of preventing a keyboard
>>logger from seeing the password that I am typing to open up the
>>encrypted data on the USB device. I use this device on various
>>computers not under my control.
>>
>>Many thanks
>
>
>
>
>
> It's very much like the affordablity of yachts: if you have to ask...
>
> If you are worried about what a keylogger might do, then you obviously do
> not have continuous control and custody of your computer. Without physical
> security you are lost - (almost) nothing can compensate against a
> sufficiently skilled adversary. Even limited or inept adversaries can do
> much to compromise your security if they have physical access to the
> machine and environs.
>
> Hardware keyloggers must be detected physically by inspection. That means,
> inter alia, opening your keyboard and looking. Do you know what to look
> for? Or video or audio surveillance could have been put in place. Do you
> know how to check?
>
> Software keyloggers are much easier, but not necessarily trivial. The
> surest protection against them is full OTFE HD encryption. The alternative
> of looking for them after the fact is a much inferior method.
>
> Regards,
>
> PS There are a number of makeshifts that can be used such as applying
> tamper-indicating seals to the keyboard and computer case. Sadly, these
> asre insufficient to stop even a moderately-skilled opponent (see, for
> instance, the Los Alamos studies re tamper indication devices).
>
>
Using password safe in an unencrypted folder you can open password safe
(open source http://sourceforge.net/projects/passwordsafe comes in Java
or exe versions, I use exe version) in the open folder then double click
say security directory password (which hopefully is different than the
"password safe" password) this puts the password for the folder
temporarily on the clipboard. Just hit <cntrl>V in the password field
and it will paste it into the password field. A keylogger will usually
log the paste operation but not the password. This could work with a
regular text file too however the text file would be in the open. You
will need to remember to clear the clipboard before you complete the
session or the password could still be retained in memory.

This may prevent keyloggers from data but may not be safe from all
creepies, but better than no safeguards.

If the key is lost password safe keeps your folder passwords relatively
secure, but could be broken by someone knowledgeable and determined.

Winged

Winged <> wrote in
news:4bc4e$435d92c5$18d6d959$:

....
> Using password safe in an unencrypted folder ...


Yeah, it could help but it's not bombproof.

The reason I recommend full OTFE HD encryption is twofold:

1. There's no place to install a software keylogger where it can
get executed.

2. There's no place for such a keylogger - even if it did somehow
get installed - to write data where it would be accessible (i.e.,
unencrypted).

Regards,

Thanks for the reply.

I do actually quite like what you have suggested, especially with the
key disk being on a second USB device. I am of course assuming that
the key disk has the password encrypted on it so that if it is lost
then the password won't be seen.

Thanks again for the reply



On Mon, 24 Oct 2005 11:24:53 +0100, Stephen Howard
<> wrote:

>On Mon, 24 Oct 2005 18:38:39 +1300, wrote:
>
>>Hi all
>>
>>I have some data and programmes on a USB flash memory device and this
>>is encrypted on the device. Is there anyway of preventing a keyboard
>>logger from seeing the password that I am typing to open up the
>>encrypted data on the USB device. I use this device on various
>>computers not under my control.
>>
>>Many thanks
>
>How about using a key disk?
>
>Blowfish Advanced CS can make use of a floppy disk that contains your
>key, and this would get around having to manually type in a password.
>It may even be possible to store this key on another USB device.
>
>Other than that, perhaps consider changing your password each time you
>use the USB device on anything but your own machine.
>
>http://www.hotpixel.net/software.html
>
>Regards,
--
To reply, take NOSPAM out of my email address.

On Thu, 27 Oct 2005 19:11:15 +1300, wrote:

>Thanks for the reply.
>
>I do actually quite like what you have suggested, especially with the
>key disk being on a second USB device. I am of course assuming that
>the key disk has the password encrypted on it so that if it is lost
>then the password won't be seen.
>
>Thanks again for the reply

I'm not sure if the password key is encrypted, you'd have to check
that yourself. I'm pretty sure it will be fairly huge though.
As regards losing the key...I think you'd be stuffed unless you had a
copy, and in any event if you lost the key disk it would be wise to
make a new one with a new key.
In which case you'll need two extra usb sticks..one for use, one for
backup of the key!

Regards,
>
>On Mon, 24 Oct 2005 11:24:53 +0100, Stephen Howard
><> wrote:
>
<snip>
>>
>>How about using a key disk?
>>
>>Blowfish Advanced CS can make use of a floppy disk that contains your
>>key, and this would get around having to manually type in a password.
>>It may even be possible to store this key on another USB device.
>>
>>Other than that, perhaps consider changing your password each time you
>>use the USB device on anything but your own machine.
>>
>>http://www.hotpixel.net/software.html
>>
>>Regards,


--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk