|
Title: password keyboard for bitcoin Post by: bracek on June 18, 2011, 05:31:40 PM maybe someone could develop a keyboard for password entering
that would be part of bitcoin client, (actually next version will have encripted keys, and ask for password when sending btc) keyboard would be used with mouse only, keys would reshuffle after every stroke, and change color :) for example, keys could be in red green or blue color, my password : 79eight"blue""red"four"red"11nine"green""blue" so whenever I enter a keystroke, I could be entering it because of color, or because of number/letter it holds, so if someone watches my screen he can't easily read my pass, also keylogers would have problem catching pass... we could brainstorm this, to give developers some ideas ... Title: Re: password keyboard for bitcoin Post by: bracek on June 19, 2011, 09:49:31 AM is this too difficult, too stupid or what ?
any comment ? seems to me that if someone tries to follow my password entering, it would be like password is forking with every new keystroke... even if someone actually is copying my password, it probably would not be copy/paste-able, and that gives me time to change it if i ever suspect something... Title: Re: password keyboard for bitcoin Post by: Theo on June 19, 2011, 10:56:08 AM This works if it isn't too annoying for experienced users to find the correct keys on the reshuffled board. The annoyance factor however limit the number of ambiguities. If you watch the user entering the password 2 or 3 times you can probably nail it down.
Graphical passwords are immune against keyloggers, but then mouse/screen loggers would probably come up. If you're interested, there are some other ideas for graphical passwords, e.g. http://www.acsac.org/2005/papers/89.pdf (http://www.acsac.org/2005/papers/89.pdf). Title: Re: password keyboard for bitcoin Post by: bracek on June 19, 2011, 11:29:48 AM This works if it isn't too annoying for experienced users to find the correct keys on the reshuffled board. The annoyance factor however limit the number of ambiguities. If you watch the user entering the password 2 or 3 times you can probably nail it down. Graphical passwords are immune against keyloggers, but then mouse/screen loggers would probably come up. If you're interested, there are some other ideas for graphical passwords, e.g. http://www.acsac.org/2005/papers/89.pdf (http://www.acsac.org/2005/papers/89.pdf). it should be annoying :) then user is concentrated, after all, u enter password rarely Title: Re: password keyboard for bitcoin Post by: proudhon on June 19, 2011, 12:17:08 PM I like the idea. It doesn't really do anything toward making bitcoin easier to use, but I think high security should trump ease of use right now. Let's get this thing as secure as it can be and then start working on ease of use for the masses.
Title: Re: password keyboard for bitcoin Post by: gentakin on June 19, 2011, 01:43:09 PM It's a nice idea, but not 100% secure: malware could easily take a screenshot on-click when the keyboard is shown. Still better than a simple password text field.
If your computer is infected with malware, there is probably no way to make this 100% secure. |