[FoRK] Not the linux-mini yet,

Luis Villa luis.villa
Fri Oct 14 09:14:06 PDT 2005


On 8/22/05, Luis Villa <luis.villa at gmail.com> wrote:
> On 8/22/05, Kevin Elliott <k-elliott at wiu.edu> wrote:
> > At 09:08 -1000  on  8/19/05, Lucas Gonze wrote:
> > >On Fri, 19 Aug 2005, Wilkin, Kurt wrote:
> > >>  Store the AutoHotkey.exe  (from http://www.autohotkey.com/ )
> > >>  on your mini, copy it onto the dirty machine, as well as a
> > >>  script file containing a line like:
> > >>
> > >>  ::pw::password
> > >>
> > >>  Run the script, then when you enter 'pw' in the password
> > >>  field it'll be auto replaced with 'password'.
> > >>
> > >>  For extra paranoia, compile the script to a password
> > >>  protected exe.
> > >>
> > >>  That'll get you past the keyboard anyway.
> > >
> > >No luck my dude -- copying the password script file over to the
> > >untrusted machine will give >the game away.  That's also true for
> > >the password protected exe.
> >
> > Short answer: Don't use the keyboard as a keyboard.
> > Long Answer:
> >
> > The key realization is that you can't trust the keyboard at ALL.
> > Anything you type can can be captured.
> >
> > SO, that leads us to a couple different solutions:
>
> <snip list of solutions that all still use a keyboard>
>
> Or just set the thing up to use dasher:
> http://www.inference.phy.cam.ac.uk/dasher/
>
> or gok:
> gok.ca
>
> for all input.

Or of course you can do all auth on the machine-on-stick itself:
http://www.engadget.com/entry/1234000007063156/

biometric-auth on a stick...
Luis



More information about the FoRK mailing list