[FoRK] Not the linux-mini yet,

Lucas Gonze lgonze
Thu Aug 18 22:26:09 PDT 2005



On Fri, 19 Aug 2005, Udhay Shankar N wrote:

> Lucas Gonze wrote [ at 10:39 AM 8/19/2005 ]:
>
>> You can't trust the keyboard, though.  Any secrets have to originate on the 
>> mini and be encrypted as they pass through the untrusted cybercafe machine.
>> 
>> For starters there's a big freebie to bootstrap the system: ssh 
>> passwordless login.  However that won't help you with any web site you have 
>> to log in to, most importantly webmail.
>
> Maybe an on screen keyboard on a webserver you control, hardcoded to go to 
> yahoo/gmail/whatever? The actual email may not have that level of security 
> requirement, but the passphrase surely would.

That's getting there...  You can't interactively enter the password, 
though.  It would have to be a recording of some kind.

One angle of attack -- a filtering proxy on the mini which munges the HTTP 
to auto-fill password fields without ever sending the password data to the 
screen.  Or -- a Mozilla extension which could read and write the disk on 
the mini...

>
>> Plus, you need the ability to have the mini proxy bytes to the internet via 
>> the untrusted machine.
>
> That should be easy enough to do, surely?

Yeah, you're right.  Have the mini set up an ssh tunnel to a trusted 
external host which passes the unencrypted bytes out to destination 
servers.
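
The filtering-proxy idea from the message above, as an added example that is not code from the thread: the user types a placeholder on the untrusted keyboard and the proxy on the trusted device swaps in the stored secret just before the request enters the tunnel. The placeholder string, vault layout, host name and function name are assumptions, and the request must reach the proxy as plaintext HTTP for the rewrite to be possible.

```python
from urllib.parse import parse_qsl, urlencode

PLACEHOLDER = "@@FILL@@"   # assumed marker typed on the untrusted keyboard
# Constructed vault kept on the trusted device: destination host -> field -> secret
VAULT = {"mail.example.com": {"passwd": "correct horse battery staple"}}

def fill_request(raw: bytes, dest_host: str, vault=VAULT) -> bytes:
    """Rewrite one outgoing form POST, swapping the placeholder for the secret.

    dest_host must be the host the proxy will actually connect to, not a value
    taken from headers the untrusted machine controls.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if not lines[0].startswith("POST ") or ctype != "application/x-www-form-urlencoded":
        return raw                      # nothing this filter understands
    fields = parse_qsl(body.decode("ascii"), keep_blank_values=True)
    if all(value != PLACEHOLDER for _, value in fields):
        return raw                      # no fill requested
    secrets = vault.get(dest_host.lower())
    if secrets is None:
        # Fail closed: never release a secret to a host it was not stored for.
        raise PermissionError(f"no stored secret for {dest_host}")
    filled = []
    for name, value in fields:
        if value == PLACEHOLDER:
            if name not in secrets:
                raise PermissionError(f"no stored secret for field {name!r}")
            value = secrets[name]
        filled.append((name, value))
    new_body = urlencode(filled).encode("ascii")
    # The body length changed, so Content-Length has to be rewritten too.
    new_lines = [f"Content-Length: {len(new_body)}"
                 if line.lower().startswith("content-length:") else line
                 for line in lines]
    return "\r\n".join(new_lines).encode("iso-8859-1") + sep + new_body

# Constructed sample request as the untrusted browser would emit it.
SAMPLE = (b"POST /login HTTP/1.1\r\nHost: mail.example.com\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 35\r\n\r\nlogin=lucas&passwd=%40%40FILL%40%40")

if __name__ == "__main__":
    print(fill_request(SAMPLE, "mail.example.com").decode("iso-8859-1"))
```

Keying the vault on the real destination host is what stops the untrusted machine from asking the proxy to fill the same placeholder into a form bound for some other server.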
