Defeating keyloggers with encrypted one time passwords (a patent spoiler?)



A simple idea for enhanced password protection!

Background:

On 29 Nov 2005 20:51:29 -0800, Paul Rubin
<http://phr.cx@xxxxxxxxxxxxxx> wrote:

>news <onetitfemme2005@xxxxxxxxx> writes:
>> You are right but for example keyboard activity can be recorded even in a
>> "secure" system through its electromagnetic emissions
>
>We're talking about ordinary PC's that are controlled by an attacker.
>Keystrokes entered into the computer and stuff drawn on the screen by
>application programs all pass through software layers in the operating
>system. The OS can be patched to log this data to the hard disk. No
>electromagnetic emission weirdness is needed.

Yes, for that purpose at least 6,191 keyloggers have been
released this year (in 2004 there were 3,753 new keyloggers, i.e. up
65 percent http://www.techweb.com/wire/173603033). Keyloggers are
obviously evil and a growing trend. The question is who's gonna save
us?
- Keyboard manufacturers,
- Antivirus software,
- Crypto community
- Linux
- ISPs
- Some seventh party solution


I don't know, but M$ seems to be promising some kind of keylogger
shield, but that will not fix the situation.

- Half of the existing programs use some kind of keyboard hooks and M$
surely can't just decide that those would not work in the future.
- Even if Windows would detect the use of Win API keyboard hooks, what
could it do? Warn a user like a firewall program - "Do you want to
allow this program to receive pressed keyboard keys?" C'mon, Windows or
the user has no chance of knowing what a program xxx will do with
recorded keyboard strokes.

The virus field did change drastically after M$ took the Blaster
lesson and decided to force automatic updates. Since then the risks
of a major Windows pandemic have been reduced significantly. On the
other hand M$ will increase its market dominance for controlling the
Windows security business, and that is not a good thing from the
competition point of view. And that is not good from the consumer's point
of view. (Solution: the soon de facto Windows security dominance should
be able to wake up the competition authorities --> TO SPLIT M$ into
4-5 pieces e.g...
- Office-MS Ltd,
- OS-MS Ltd,
- Entertainment-MS Ltd
- Security-MS Ltd
- Hardware-MS Ltd)

OK, while we wait for that to happen, something must be done about the
keylogger problem, which is a problem 'cause crooks have 'newly'
invented large scale:
- Identity theft,
- Credit card frauds,
- Industrial espionage,
- Spam business
- Portal flooding extortion business

(In addition to 'honest' curiosity motivated password stealing)

(The following is a direct SHOUT TO THE ear of the ALL READING
PROFESSIONAL - who often helps the patent authorities to decide
patentability):

----------------BEGIN IDEA (don't mix with IDEA) ---------------------

The only maintainable answer (to password protection) is ONE
TIME PASSWORDS and more precisely an A4 sized paper full of them,
folded up into the wallet. Ok, that leaves a problem: what if someone
steals the wallet, or worse... borrows the paper and copies it. The
solution for eliminating (most of) the risk caused by loss of the password
paper is the following:
1) The password paper (or similar) is made to contain slightly encrypted
passwords! i.e. all the passwords on the paper are slightly erroneous,
but just so little that the user can easily remove the encryption.
2) The encryption method for the paper's passwords can be decided by
the user or the provider of the passwords.
3) Optionally the paper containing the encrypted paper can be set to
contain the information for easily removing the (light) encryption. In
such a case the paper could contain for example a dashed line which
would say: scissor away these decryption instructions - and destroy
them after you have memorized and learned the decryption instructions.

Example decryption instructions... TO DECRYPT:
- remove the two first characters of each password
- remove the third character of each password
- Switch the first and last character of each password
- change the case of all letters
- switch the fourth and fifth character of each password
- add 1 to every number character (9 becomes 0)

----------------END IDEA (don't mix with IDEA) ---------------------

Dear ALL READING PROFESSIONAL, hope you remember this, in case someone
seeks a patent for a similar system / method.

Regards
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
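
The scheme described in the post above, as an added example that is not part of the original post: each listed decryption instruction is paired with the provider-side step that undoes it, so a sheet can be printed in "slightly erroneous" form and decoded by the memorized rule. The rule names, `make_sheet`, `decode` and the sample passwords are assumptions made for illustration, as is the choice to let several instructions be chained in order.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def _swap(s, i, j):
    chars = list(s)
    chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

def _shift_digits(s, delta):
    # "add 1 to every number character (9 becomes 0)" when delta == 1
    return "".join(str((int(c) + delta) % 10) if c in string.digits else c for c in s)

def _filler(n):
    # Random junk the user later removes; drawn from the password alphabet
    return "".join(secrets.choice(ALPHABET) for _ in range(n))

# Hypothetical rule name -> (provider-side encode, user-side decode)
RULES = {
    "drop_first_two":  (lambda p: _filler(2) + p, lambda s: s[2:]),
    "drop_third":      (lambda p: p[:2] + _filler(1) + p[2:], lambda s: s[:2] + s[3:]),
    "swap_first_last": (lambda p: _swap(p, 0, -1), lambda s: _swap(s, 0, -1)),
    "swap_case":       (str.swapcase, str.swapcase),
    "swap_4th_5th":    (lambda p: _swap(p, 3, 4), lambda s: _swap(s, 3, 4)),
    "digits_plus_one": (lambda p: _shift_digits(p, -1), lambda s: _shift_digits(s, 1)),
}

def make_sheet(passwords, rule_names):
    """Provider side: apply the encode steps in reverse order, so that the
    user's decode steps, applied in the memorized order, recover each password."""
    sheet = []
    for p in passwords:
        for name in reversed(rule_names):
            p = RULES[name][0](p)
        sheet.append(p)
    return sheet

def decode(printed, rule_names):
    """User side: apply the memorized instructions in order."""
    for name in rule_names:
        printed = RULES[name][1](printed)
    return printed

if __name__ == "__main__":
    real = ["k7Qm2xR9", "Zp40wLt8"]          # constructed sample one-time passwords
    memorized = ["drop_first_two", "swap_case", "digits_plus_one"]
    for printed in make_sheet(real, memorized):
        print(printed, "->", decode(printed, memorized))
```

The positional rules assume passwords of at least five characters.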












