|
Title: [REQ] Anti-keylogger features Post by: tsoPANos on September 02, 2013, 02:16:39 PM I would be really be excited if you're kind enough to add anti-keylogging features.
For example, this program adds anti-keylogging feautures on the most popular browsers. http://www.qfxsoftware.com/ I think it would be possible to do this for Bitcoin-Qt! ::) Title: Re: [REQ] Anti-keylogger features Post by: favdesu on September 02, 2013, 02:33:25 PM startpaged it, found this:
Quote I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. Title: Re: [REQ] Anti-keylogger features Post by: etotheipi on September 02, 2013, 03:29:24 PM By the way, Armory has anti-keylogging option for entering your password.
https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230 It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. Title: Re: [REQ] Anti-keylogger features Post by: tsoPANos on September 02, 2013, 05:41:34 PM startpaged it, found this: No, I'm not intending to integrate third party software!Quote I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. A built-in keylogger protector, which encrypts the keystrokes, like this. http://www.qfxsoftware.com/ks-windows/how-it-works.htm By the way, Armory has anti-keylogging option for entering your password. Any possibility of implementing this?https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230 It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. using the mouse is weak, as many malware programs screen-capture. http://www.qfxsoftware.com/ks-windows/how-it-works.htm Title: Re: [REQ] Anti-keylogger features Post by: etotheipi on September 02, 2013, 06:29:19 PM startpaged it, found this: No, I'm not intending to integrate third party software!Quote I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. A built-in keylogger protector, which encrypts the keystrokes, like this. http://www.qfxsoftware.com/ks-windows/how-it-works.htm By the way, Armory has anti-keylogging option for entering your password. Any possibility of implementing this?https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230 It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. using the mouse is weak, as many malware programs screen-capture. http://www.qfxsoftware.com/ks-windows/how-it-works.htm If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer. This gives you a little extra protection against "simple" keyloggers, but nothing more. I haven't looked too much at that website, but it sounds like snake oil. Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway. WHich is what this scrambled keyboard does. Title: Re: [REQ] Anti-keylogger features Post by: tsoPANos on September 02, 2013, 06:50:49 PM startpaged it, found this: No, I'm not intending to integrate third party software!Quote I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. A built-in keylogger protector, which encrypts the keystrokes, like this. http://www.qfxsoftware.com/ks-windows/how-it-works.htm By the way, Armory has anti-keylogging option for entering your password. Any possibility of implementing this?https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230 It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. using the mouse is weak, as many malware programs screen-capture. http://www.qfxsoftware.com/ks-windows/how-it-works.htm If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer. This gives you a little extra protection against "simple" keyloggers, but nothing more. I haven't looked too much at that website, but it sounds like snake oil. Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway. WHich is what this scrambled keyboard does. Keyloggers can dump the address the moment when the wallet program decrypts the wallet.dat. Is it possible to keep the wallet encrypted inside the memory? Sorry if I'm asking noob questions, my coding experience is something sit further than 'hello world!' Title: Re: [REQ] Anti-keylogger features Post by: gmaxwell on September 03, 2013, 01:55:35 AM Bitcoin specific malware is a point and click choice now in malware authoring tools. I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.
Title: Re: [REQ] Anti-keylogger features Post by: Dabs on September 03, 2013, 05:17:08 AM I've seen KeyScrambler, but I would never pay for it. There's also NeoSafeKeys, which is free.
Title: Re: [REQ] Anti-keylogger features Post by: kjj on September 03, 2013, 11:12:29 AM If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer. Bitcoin specific malware is a point and click choice now in malware authoring tools. I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks. The proper solution, of course, is to practice good computer hygiene so that you don't get malware. As has already been pointed out, it is foolish to hope for only "dumb" malware. |