Re: randomizing keyboard input

From: Larry Offley <lucullus@xxxxxxx>
Date: Fri, 14 Sep 2007 18:29:08 -0700

It might slow down non-hardware keyloggers. The thing is there is software that can unrandomize simple letter exchanges. So if I capture a few paragraphs of keystrokes it should be fairly easy (possible even by hand) to determine the correct letter exchanges. Nice Idea but unless you had hardware and software that worked together (like the smart cards that change pins every sec minutes). What you need is keyboard that encrypts the keystrokes and then software reversed it. Again the problem is If i can run software on your system (ie a keylogger) I can probably run anything I want.

Larry Offley
http://security.offley.ca

Cypher wrote:

alo alo,
a friend and i have been working on an idea. We want to create a
framework the randomizes the keyboard input. heres the basics, we all
know that the theres a keyboard layout, dumpkeys in linux will show you
what there is, what were trying to do is take and make a random
keylayout on boot, then find a way to decrypt this for an applications.
basically, were trying to find a way past keyloggers. if a keylogger is
logging what you type, but the keylayout is randomized from the keyboard
to application, then the keylogger is no good. were trying to create a
framework for this but are having some trouble coming up with some
basics on how to remap the keylayout to say the device input of the
keyboard to the output device like the application openoffice. if this
could be accomplished then it would defeat the purpose if keyloggers
since they depend on standard keyboard layouts to decode keyinputs. has
anyone come across an appication or idea like this that would be of
help? or even just some thoughts that would lead us in the right
direction would be greatly appreciated. thank you all for your time.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

References:
- randomizing keyboard input
  - From: Cypher

Prev by Date: randomizing keyboard input
Next by Date: Re: Wiping Solaris Servers
Previous by thread: randomizing keyboard input
Next by thread: Re: randomizing keyboard input
Index(es):
- Date
- Thread

Relevant Pages

Re: randomizing keyboard input
... framework the randomizes the keyboard input. ... keylayout on boot, then find a way to decrypt this for an applications. ... were trying to find a way past keyloggers. ...
(Pen-Test)
Re: Password Protection
... What are the techniques to protect a password from being ... >modern keyloggers can take screenshots too. ... i had an internal developer make a site for us to use an on-screen keyboard ...
(Security-Basics)
randomizing keyboard input
... framework the randomizes the keyboard input. ... were trying to find a way past keyloggers. ... basics on how to remap the keylayout to say the device input of the ...
(Pen-Test)
Re: hardware disk encryption?
... > fingers and keyboard at one end and the BIOS on the other end. ... How many people actually WALK to the server before logging in? ... derived from the password and a random value - a challenge-response ... Theoretically, this would knock out keyloggers, as they'd only see what ...
(sci.crypt)
Re: Keyloggers
... What are Keyloggers ... A Keylogger is a program that records all keystrokes and stores them ... automatically email the captured keystrokes to the attacker so they ...
(soc.culture.singapore)