Is there way to stop a keyboard logger intercepting my keystrokes?

Discussion in 'Computer Security' started by kirkzeusNOSPAM@hotmail.com, Oct 24, 2005.

  1. Guest

    Hi all

    I have some data and programmes on a USB flash memory device and this
    is encrypted on the device. Is there anyway of preventing a keyboard
    logger from seeing the password that I am typing to open up the
    encrypted data on the USB device. I use this device on various
    computers not under my control.

    Many thanks
    --
    To reply, take NOSPAM out of my email address.
     
    , Oct 24, 2005
    #1
    1. Advertising

  2. Mike Guest

    wrote:
    > Is there anyway of preventing a keyboard
    > logger from seeing the password that I am typing to open up the
    > encrypted data on the USB device. I use this device on various
    > computers not under my control.


    Yup, don't use it on computers you do not control or only use it on
    computers you control or only use it on your own computer which I assume
    you trust.
     
    Mike, Oct 24, 2005
    #2
    1. Advertising

  3. Gerard Bok Guest

    On Mon, 24 Oct 2005 18:38:39 +1300,
    wrote:

    >I have some data and programmes on a USB flash memory device and this
    >is encrypted on the device. Is there anyway of preventing a keyboard
    >logger from seeing the password that I am typing to open up the
    >encrypted data on the USB device. I use this device on various
    >computers not under my control.


    No. Not realy.

    But if your data is that sensitive, you could buy a USB device
    that requires both a fingerprint scan (on the same device!) and a
    password to open.

    --
    Kind regards,
    Gerard Bok
     
    Gerard Bok, Oct 24, 2005
    #3
  4. On Mon, 24 Oct 2005 18:38:39 +1300, wrote:

    >Hi all
    >
    >I have some data and programmes on a USB flash memory device and this
    >is encrypted on the device. Is there anyway of preventing a keyboard
    >logger from seeing the password that I am typing to open up the
    >encrypted data on the USB device. I use this device on various
    >computers not under my control.
    >
    >Many thanks


    How about using a key disk?

    Blowfish Advanced CS can make use of a floppy disk that contains your
    key, and this would get around having to manually type in a password.
    It may even be possible to store this key on another USB device.

    Other than that, perhaps consider changing your password each time you
    use the USB device on anything but your own machine.

    http://www.hotpixel.net/software.html

    Regards,



    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
     
    Stephen Howard, Oct 24, 2005
    #4
  5. nemo_outis Guest

    wrote in news:cqsol11qeh4j1q6a9lnr3j2celjk2ovjq5
    @4ax.com:

    > Hi all
    >
    > I have some data and programmes on a USB flash memory device and this
    > is encrypted on the device. Is there anyway of preventing a keyboard
    > logger from seeing the password that I am typing to open up the
    > encrypted data on the USB device. I use this device on various
    > computers not under my control.
    >
    > Many thanks





    It's very much like the affordablity of yachts: if you have to ask...

    If you are worried about what a keylogger might do, then you obviously do
    not have continuous control and custody of your computer. Without physical
    security you are lost - (almost) nothing can compensate against a
    sufficiently skilled adversary. Even limited or inept adversaries can do
    much to compromise your security if they have physical access to the
    machine and environs.

    Hardware keyloggers must be detected physically by inspection. That means,
    inter alia, opening your keyboard and looking. Do you know what to look
    for? Or video or audio surveillance could have been put in place. Do you
    know how to check?

    Software keyloggers are much easier, but not necessarily trivial. The
    surest protection against them is full OTFE HD encryption. The alternative
    of looking for them after the fact is a much inferior method.

    Regards,

    PS There are a number of makeshifts that can be used such as applying
    tamper-indicating seals to the keyboard and computer case. Sadly, these
    asre insufficient to stop even a moderately-skilled opponent (see, for
    instance, the Los Alamos studies re tamper indication devices).
     
    nemo_outis, Oct 24, 2005
    #5
  6. Winged Guest

    nemo_outis wrote:
    > wrote in news:cqsol11qeh4j1q6a9lnr3j2celjk2ovjq5
    > @4ax.com:
    >
    >
    >>Hi all
    >>
    >>I have some data and programmes on a USB flash memory device and this
    >>is encrypted on the device. Is there anyway of preventing a keyboard
    >>logger from seeing the password that I am typing to open up the
    >>encrypted data on the USB device. I use this device on various
    >>computers not under my control.
    >>
    >>Many thanks

    >
    >
    >
    >
    >
    > It's very much like the affordablity of yachts: if you have to ask...
    >
    > If you are worried about what a keylogger might do, then you obviously do
    > not have continuous control and custody of your computer. Without physical
    > security you are lost - (almost) nothing can compensate against a
    > sufficiently skilled adversary. Even limited or inept adversaries can do
    > much to compromise your security if they have physical access to the
    > machine and environs.
    >
    > Hardware keyloggers must be detected physically by inspection. That means,
    > inter alia, opening your keyboard and looking. Do you know what to look
    > for? Or video or audio surveillance could have been put in place. Do you
    > know how to check?
    >
    > Software keyloggers are much easier, but not necessarily trivial. The
    > surest protection against them is full OTFE HD encryption. The alternative
    > of looking for them after the fact is a much inferior method.
    >
    > Regards,
    >
    > PS There are a number of makeshifts that can be used such as applying
    > tamper-indicating seals to the keyboard and computer case. Sadly, these
    > asre insufficient to stop even a moderately-skilled opponent (see, for
    > instance, the Los Alamos studies re tamper indication devices).
    >
    >

    Using password safe in an unencrypted folder you can open password safe
    (open source http://sourceforge.net/projects/passwordsafe comes in Java
    or exe versions, I use exe version) in the open folder then double click
    say security directory password (which hopefully is different than the
    "password safe" password) this puts the password for the folder
    temporarily on the clipboard. Just hit <cntrl>V in the password field
    and it will paste it into the password field. A keylogger will usually
    log the paste operation but not the password. This could work with a
    regular text file too however the text file would be in the open. You
    will need to remember to clear the clipboard before you complete the
    session or the password could still be retained in memory.

    This may prevent keyloggers from data but may not be safe from all
    creepies, but better than no safeguards.

    If the key is lost password safe keeps your folder passwords relatively
    secure, but could be broken by someone knowledgeable and determined.

    Winged
     
    Winged, Oct 25, 2005
    #6
  7. nemo_outis Guest

    Winged <> wrote in
    news:4bc4e$435d92c5$18d6d959$:

    ....
    > Using password safe in an unencrypted folder ...



    Yeah, it could help but it's not bombproof.

    The reason I recommend full OTFE HD encryption is twofold:

    1. There's no place to install a software keylogger where it can
    get executed.

    2. There's no place for such a keylogger - even if it did somehow
    get installed - to write data where it would be accessible (i.e.,
    unencrypted).

    Regards,
     
    nemo_outis, Oct 25, 2005
    #7
  8. Guest

    Thanks for the reply.

    I do actually quite like what you have suggested, especially with the
    key disk being on a second USB device. I am of course assuming that
    the key disk has the password encrypted on it so that if it is lost
    then the password won't be seen.

    Thanks again for the reply



    On Mon, 24 Oct 2005 11:24:53 +0100, Stephen Howard
    <> wrote:

    >On Mon, 24 Oct 2005 18:38:39 +1300, wrote:
    >
    >>Hi all
    >>
    >>I have some data and programmes on a USB flash memory device and this
    >>is encrypted on the device. Is there anyway of preventing a keyboard
    >>logger from seeing the password that I am typing to open up the
    >>encrypted data on the USB device. I use this device on various
    >>computers not under my control.
    >>
    >>Many thanks

    >
    >How about using a key disk?
    >
    >Blowfish Advanced CS can make use of a floppy disk that contains your
    >key, and this would get around having to manually type in a password.
    >It may even be possible to store this key on another USB device.
    >
    >Other than that, perhaps consider changing your password each time you
    >use the USB device on anything but your own machine.
    >
    >http://www.hotpixel.net/software.html
    >
    >Regards,

    --
    To reply, take NOSPAM out of my email address.
     
    , Oct 27, 2005
    #8
  9. On Thu, 27 Oct 2005 19:11:15 +1300, wrote:

    >Thanks for the reply.
    >
    >I do actually quite like what you have suggested, especially with the
    >key disk being on a second USB device. I am of course assuming that
    >the key disk has the password encrypted on it so that if it is lost
    >then the password won't be seen.
    >
    >Thanks again for the reply


    I'm not sure if the password key is encrypted, you'd have to check
    that yourself. I'm pretty sure it will be fairly huge though.
    As regards losing the key...I think you'd be stuffed unless you had a
    copy, and in any event if you lost the key disk it would be wise to
    make a new one with a new key.
    In which case you'll need two extra usb sticks..one for use, one for
    backup of the key!

    Regards,
    >
    >On Mon, 24 Oct 2005 11:24:53 +0100, Stephen Howard
    ><> wrote:
    >

    <snip>
    >>
    >>How about using a key disk?
    >>
    >>Blowfish Advanced CS can make use of a floppy disk that contains your
    >>key, and this would get around having to manually type in a password.
    >>It may even be possible to store this key on another USB device.
    >>
    >>Other than that, perhaps consider changing your password each time you
    >>use the USB device on anything but your own machine.
    >>
    >>http://www.hotpixel.net/software.html
    >>
    >>Regards,



    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
     
    Stephen Howard, Oct 27, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. you suck

    Re: Modem intercepting phone calls

    you suck, Aug 6, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    517
    Brian
    Aug 6, 2003
  2. Brian H¹©

    Re: Modem intercepting phone calls

    Brian H¹©, Aug 6, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    510
    Brian H¹©
    Aug 6, 2003
  3. you suck

    Re: Modem intercepting phone calls

    you suck, Aug 6, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    520
    Brian
    Aug 7, 2003
  4. you suck

    Re: Modem intercepting phone calls

    you suck, Aug 7, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    574
    Brian
    Aug 7, 2003
  5. NewB
    Replies:
    10
    Views:
    8,734
    giaffebecky
    Oct 23, 2012
Loading...

Share This Page