Is there way to stop a keyboard logger intercepting my keystrokes?

Discussion in 'Computer Security' started by Guest, Oct 24, 2005.

  1. Guest

    Guest Guest

    Hi all

    I have some data and programmes on a USB flash memory device and this
    is encrypted on the device. Is there anyway of preventing a keyboard
    logger from seeing the password that I am typing to open up the
    encrypted data on the USB device. I use this device on various
    computers not under my control.

    Many thanks
    Guest, Oct 24, 2005
    1. Advertisements

  2. Guest

    Mike Guest

    Yup, don't use it on computers you do not control or only use it on
    computers you control or only use it on your own computer which I assume
    you trust.
    Mike, Oct 24, 2005
    1. Advertisements

  3. Guest

    Gerard Bok Guest

    No. Not realy.

    But if your data is that sensitive, you could buy a USB device
    that requires both a fingerprint scan (on the same device!) and a
    password to open.
    Gerard Bok, Oct 24, 2005
  4. How about using a key disk?

    Blowfish Advanced CS can make use of a floppy disk that contains your
    key, and this would get around having to manually type in a password.
    It may even be possible to store this key on another USB device.

    Other than that, perhaps consider changing your password each time you
    use the USB device on anything but your own machine.

    Stephen Howard, Oct 24, 2005
  5. Guest

    nemo_outis Guest

    wrote in

    It's very much like the affordablity of yachts: if you have to ask...

    If you are worried about what a keylogger might do, then you obviously do
    not have continuous control and custody of your computer. Without physical
    security you are lost - (almost) nothing can compensate against a
    sufficiently skilled adversary. Even limited or inept adversaries can do
    much to compromise your security if they have physical access to the
    machine and environs.

    Hardware keyloggers must be detected physically by inspection. That means,
    inter alia, opening your keyboard and looking. Do you know what to look
    for? Or video or audio surveillance could have been put in place. Do you
    know how to check?

    Software keyloggers are much easier, but not necessarily trivial. The
    surest protection against them is full OTFE HD encryption. The alternative
    of looking for them after the fact is a much inferior method.


    PS There are a number of makeshifts that can be used such as applying
    tamper-indicating seals to the keyboard and computer case. Sadly, these
    asre insufficient to stop even a moderately-skilled opponent (see, for
    instance, the Los Alamos studies re tamper indication devices).
    nemo_outis, Oct 24, 2005
  6. Guest

    Winged Guest

    Using password safe in an unencrypted folder you can open password safe
    (open source comes in Java
    or exe versions, I use exe version) in the open folder then double click
    say security directory password (which hopefully is different than the
    "password safe" password) this puts the password for the folder
    temporarily on the clipboard. Just hit <cntrl>V in the password field
    and it will paste it into the password field. A keylogger will usually
    log the paste operation but not the password. This could work with a
    regular text file too however the text file would be in the open. You
    will need to remember to clear the clipboard before you complete the
    session or the password could still be retained in memory.

    This may prevent keyloggers from data but may not be safe from all
    creepies, but better than no safeguards.

    If the key is lost password safe keeps your folder passwords relatively
    secure, but could be broken by someone knowledgeable and determined.

    Winged, Oct 25, 2005
  7. Guest

    nemo_outis Guest


    Yeah, it could help but it's not bombproof.

    The reason I recommend full OTFE HD encryption is twofold:

    1. There's no place to install a software keylogger where it can
    get executed.

    2. There's no place for such a keylogger - even if it did somehow
    get installed - to write data where it would be accessible (i.e.,

    nemo_outis, Oct 25, 2005
  8. Guest

    Guest Guest

    Thanks for the reply.

    I do actually quite like what you have suggested, especially with the
    key disk being on a second USB device. I am of course assuming that
    the key disk has the password encrypted on it so that if it is lost
    then the password won't be seen.

    Thanks again for the reply
    Guest, Oct 27, 2005
  9. I'm not sure if the password key is encrypted, you'd have to check
    that yourself. I'm pretty sure it will be fairly huge though.
    As regards losing the key...I think you'd be stuffed unless you had a
    copy, and in any event if you lost the key disk it would be wise to
    make a new one with a new key.
    In which case you'll need two extra usb for use, one for
    backup of the key!

    Stephen Howard, Oct 27, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.