12-04-01, 08:38 AM
After reading about the new key logging program MAGIC LANTERN(there are many others), I began thinking about ways to protect my passwords from such a program. In case you don't know, MAGIC LANTERN is a program that can be secretly installed on ones computer to covertly log ones every keystroke. Obviously this would compromise ones secret passwords. I was wondering how feasible it would be to create an encryption program(using any algorithm) that, when prompting a user to enter a password/key, opens a field(new window) that displays the letters A-Z and the numbers1-0. The user would then use his/her mouse to point-and-click ont the desired characters rather than using the keyboard to enter them manually. Could such a program be useful in providing extra security from secretly installed key-logging programs such as MAGIC LANTERN?
If such an encryption program exist please let me know. If someone would like to create such a program, I will buy it from you.
With the right code it wouldn't be a problem.
would you really want to?
One of the benefits of password inputs as used by most systems is the on screen security where when entering your password all that appears on the screen are a series of ********* (asterisks).
By using a graphic based input interface, your inputs would be visible to all and sundry.
Possibly a better way of securing your data would be to use a 'dongle'.
A dongle, as you may know is a physical electronic key which can be connected to an I/O port of the system in question, and is required to decrypt the system.
It is not much harder to record the locations of mouse pointer pauses and clicks. Would you think that "Magic Lantern" would not also do this? In fact most companies that keep track of users visiting habits on the internet already monitor mouse activities. How else would they know if you are working or playing MS games? There is a differnet pattern to one who is working and one who is playing when using the mouse.
12-04-01, 03:16 PM
I Messaged quite a bit to Machaon about this.
I just hope you don't feel that we've (meaning all that have posted and replied to this topic) been in anyway too critical of your idea.
As I said to you in PM, if any programs are developed to gain Kernel threads/processes then no matter if it's a graphical button on a screen or a key press, it can be bypassed.
This is the entire method also used in Cracks and Key-generation.
You have to think of Passwords similar to a key going into a lock, the key might have a specific shape that is relevant to a password, but if you have the right tools you can get into the locking mechanism and just press the areas that are relevant to open the door. (Which is pretty much what these kernel snooping programs can be created to do)
Dongles are one way of encrypting, but there are otherways, for instance:
You have a password and a chip-pen that you place into a hole on your keyboard. The chip is used to process the encryption of your password to open up your system, software or even hardware. Without that chip being there or the correct password being supplied the system, program, hardware is rendered useless.
(This is instead of the Magnetic tape cards that can easily be read with some old VHS hardware.)
As I mentioned also to Machaon there is still the problem that people can corrupt your DATA. For instance loading a Kernel to RAM to give back data to your system to make it think the full RAM is free, when in turn it corrupts your data through CRC's so that your passwords don't work locking you out of your own system. Possibly their is the trojan software that can watch using your kernel your exact processes and movements through your system (this is what BO is capable of) rather than having a log that you take of someones machine, you actually view what they type and even see what they are typing before they encrypt it.
When you look at computers like this, you begin to realise that security shouldn't be a concern, as there is no real security other than making your system standalone and not connecting it to a network or the internet. (Even then there is ways of getting information but this takes some seriously sophisticated hardware which needs to "Find it's way" to you computer. Not that I have had any experience with Bug planters.)
there's no way my idea may protect your passwords[hide thm] but it messes up the scanning program[MAGIC LANTERN].
The idea is that a program creates false keystrokes all time.
With an avarage RAM nowadays it should be no problem, you would not notice tht. The result is that the program will not recognice which are passwords and which are not. Maybe after every[or after every third] keystroke the brogram would generate a random set of false keystrokes.
Very very shrewd.
In fact I'd even go so far as to say that I like it.
I was thinking the idea of movement tracking thing,why?whats the use.
when we press the key on screen keyboard with the mouse,it would automatically generate software interrupt,so it will just steal that interrupt and know the password,its all so easy...