[FoRK] Not the linux-mini yet,
Thu Aug 18 22:26:09 PDT 2005
On Fri, 19 Aug 2005, Udhay Shankar N wrote:
> Lucas Gonze wrote [ at 10:39 AM 8/19/2005 ]:
>> You can't trust the keyboard, though. Any secrets have to originate on the
>> mini and be encrypted as they pass through the untrusted cybercafe machine.
>> For starters there's a big freebie to bootstrap the system: ssh
>> passwordless login. However that won't help you with any web site you have
>> to log in to, most importantly webmail.
> Maybe an on screen keyboard on a webserver you control, hardcoded to go to
> yahoo/gmail/whatever? The actual email may not have that level of security
> requirement, but the passphrase surely would.
That's getting there... You can't interactively enter the password,
though. It would have to be a recording of some kind.
One angle of attack -- a filtering proxy on the mini which munges the HTTP
to auto-fill password fields without ever send the password data to the
screen. Or -- a mozilla extension which could read and write the disk on
>> Plus, you need the ability to have the mini proxy bytes to the internet via
>> the untrusted machine.
> That should be easy enough to do, surely?
Yeah, you're right. Have the mini set up an ssh tunnel to a trusted
external host which passes the unencrypted bytes out to destination
More information about the FoRK