Bitcoin Forum

Bitcoin => Project Development => Topic started by: Borilla on June 01, 2021, 07:03:17 AM



Title: cancel the post
Post by: Borilla on June 01, 2021, 07:03:17 AM
 :D :D :D :D :D :D :D :D :D :D :D :D :D :D


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: SFR10 on June 01, 2021, 09:54:32 AM
The recipient can read the  original message.
Without the need for a device to decrypt it?

I don't know if people would be it interested.
It depends on a lot of things...
e.g. Open-source software, the whole process itself [for consumers], how that device is going to look, its price, and a few other things.

Personally, I'm not going to use something like that on my main computer, unless I fully trust the provider/manufacturer, but I'd probably buy one to test for fun [If the price is right].

I don't want to lose my time building something people won't buy.
How much you think that device is going to cost for potential buyers out there?


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: crwth on June 01, 2021, 10:01:56 AM
I think the most concern with this is that the confusion with utilizing it or something.
  • Would this be installed or portable?
  • Applicable on different OS?
  • How does it activate?

These are just some questions that I initially thought of by reading it.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: ETFbitcoin on June 01, 2021, 10:11:15 AM
I don't know if people would be it interested.

Mostly it depends on user experience (both sender and receiver), general user don't care how it works as long as it's easy to use. But for geek like me, i'd rather secure my computer rather than buy additional device.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Borilla on June 01, 2021, 10:23:22 AM
The recipient can read the  original message.
Without the need for a device to decrypt it?

You need the a device to decrypt it. You would copy the text and the device would read it. You would read the unencrypted text on the device's screen

I don't know if people would be it interested.
It depends on a lot of things...
e.g. Open-source software, the whole process itself [for consumers], how that device is going to look, its price, and a few other things.

Personally, I'm not going to use something like that on my main computer, unless I fully trust the provider/manufacturer, but I'd probably buy one to test for fun [If the price is right].

I don't want to lose my time building something people won't buy.
How much you think that device is going to cost for potential buyers out there?
I would compare it to the price of a raspberry pi plus the cable and the screen.  


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: NotATether on June 01, 2021, 11:20:20 AM
It would severely slow down keyboard input because the keyboard driver, which is usually small so that it runs and processes character input quickly, now has to do a round of encryption for every character, not to mention that since the data is just a single byte, you end up  wasting more time padding a few hundred more zero bytes at the end just so the cipher can parse the input correctly.

This causes keyboard input latency to change from a few milliseconds to several hundred milliseconds. The delay will be noticeable as if the system was lagging. And this is without even considering decryption time yet.

Besides, the keyboard input is exposed directly in assembly code immediately after a device interrupt (i.e. you press a key), so the unencrypted value can still be obtained by reading the character from device memory and writing it somewhere else in memory, before the encryption even starts.

Not to mention that the keyboard is used as an entropy source so encrypting everything you type isn't possible anyway, without running out of random entropy and then relying on a pseudorandom number generator for encryption instead.



Keyloggers live just after the device driver so an alternate solution could be to restrict programs from reading keyboard input regardless of focused window unless the binary has a good digital signature.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Ucy on June 01, 2021, 03:59:21 PM
Interesting.
I have always thought about something similar for my devices.
A very simple solution to this would be to type things with normal keys but represents the matching numbers/symbols/alphabets with different things entirely, written somewhere for your receivers to decrypt.
For example:
"C" key could be represented by "&" (C=&),
 "A" represented by "+" (A=+),
 "T' represented by "#" (T=#), etc

So you have the Word "&+#" as CAT, but you initially send you receiver "&+#"or all other complete words and their corresponding cryptic translations.
This will be more suitable for sending private keys and other short keys/words for your other harmless private stuff. For security reasons, the decryptors would need to be encrypted, saved somewhere immutably before you send to your receivers.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: NotATether on June 01, 2021, 06:35:02 PM
It would severely slow down keyboard input because the keyboard driver, which is usually small so that it runs and processes character input quickly, now has to do a round of encryption for every character, not to mention that since the data is just a single byte, you end up  wasting more time padding a few hundred more zero bytes at the end just so the cipher can parse the input correctly.

It's not doing a round of so called encryption for every character. And yet you can "encrypt" characters one by one as you type.

Lets take AES256 as an example. It can encrypt 256 bytes of data at a time, which translates to 64 characters. But the problem with deferring the encryption until the 64th, or generally the Nth, character is:

1) if you do, then the user will not see any of their input until after the Nth character is typed and they're all encrypted at once. This also introduces a problem of "what if N characters are never typed but less than that, should user feedback wait forever?"
2) if you don't and you just pass the N-1 characters to the user before encrypting them all at once on the Nth char, then those characters may have been intercepted by another listening program.

Besides, the keyboard input is exposed directly in assembly code immediately after a device interrupt (i.e. you press a key), so the unencrypted value can still be obtained by reading the character from device memory and writing it somewhere else in memory, before the encryption even starts.

I don't understand this sentence. Could you explain?

Your keyboard sends a signal to your CPU when a key is pressed. This signal is processed as an interrupt which means the processor stops everything it's doing and reads the character from the keyboard. All of this is programmed in the code of the operating system you are running, in assembly language. It's not possible to encrypt anything while this assembly code is running because such functions do not exist in assembly.

There is nothing stopping someone from placing assembly code in that position to read the characters to their own memory.

Not to mention that the keyboard is used as an entropy source so encrypting everything you type isn't possible anyway, without running out of random entropy and then relying on a pseudorandom number generator for encryption instead.
The device would generate random numbers.

Just make sure it's using thermal/acoustic noise for its entropy and not keyboard presses, since lots of entropy is supposed to be gathered before encryption starts.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: dkbit98 on June 02, 2021, 12:16:33 PM
I don't think that using any device is needed in this case and there are already some software solutions that encrypt anything you type with your keyboard.
Some of them are included in various antivirus packages and there are separate software options like Ghostpress for example, and for Wireless keyboards there are AES encrypted devices.
Using on-screen virtual keyboards like Oxynger KeyShield or something similar also help to protect from different keylogger attacks.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: BrewMaster on June 02, 2021, 01:10:38 PM
i think it is an overkill and the device has to be really cheap for me to even consider buying it. there are already solutions to achieve better security and protect oneself against different attacks.
considering this is a bitcoin forum the example could be using a cold storage where you only interact with it on an airgap computer. and if people wanted to pay they would pay for a hardware wallet to gain security for their wallets.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Kong Hey Pakboy on June 02, 2021, 02:05:21 PM
It's pretty interesting but as long as the encrypted message can't be decrypted by other machines then probably that would be much better, kind of like a one way encryption where only the recipient can open the message. You might to develop a software instead of a device since most things these days are done online.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: anu1908 on June 02, 2021, 04:58:14 PM
You might to develop a software instead of a devuce since.most things these days are done online.
wouldn't that defeat the purpose of protecting the user from keylogger? well, maybe there's no need for a device or a software. the sender and receiver just need to agree with a set of rules for their communication via another channel.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Borilla on June 03, 2021, 12:18:31 AM
...

Lets take AES256 as an example. It can encrypt 256 bytes of data at a time, which translates to 64 characters. But the problem with deferring the encryption until the 64th, or generally the Nth, character is:

1) if you do, then the user will not see any of their input until after the Nth character is typed and they're all encrypted at once. This also introduces a problem of "what if N characters are never typed but less than that, should user feedback wait forever?"
2) if you don't and you just pass the N-1 characters to the user before encrypting them all at once on the Nth char, then those characters may have been intercepted by another listening program.
...

Your keyboard sends a signal to your CPU when a key is pressed. This signal is processed as an interrupt which means the processor stops everything it's doing and reads the character from the keyboard. All of this is programmed in the code of the operating system you are running, in assembly language. It's not possible to encrypt anything while this assembly code is running because such functions do not exist in assembly.

There is nothing stopping someone from placing assembly code in that position to read the characters to their own memory.


the device is between the keyboard and the computer

you seem to assume how it works

you could just encrypt the whole message in the device and then send the encrypted message but it would not allow you to fill forms or to chat online


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Borilla on June 03, 2021, 12:24:16 AM
I don't think that using any device is needed in this case and there are already some software solutions that encrypt anything you type with your keyboard.
Some of them are included in various antivirus packages and there are separate software options like Ghostpress for example, and for Wireless keyboards there are AES encrypted devices.
Using on-screen virtual keyboards like Oxynger KeyShield or something similar also help to protect from different keylogger attacks.

It's for those who don't feel secure about their computers (travelers, paranoiacs...) or need to be 100% sure nobody can read their messages. 


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Kong Hey Pakboy on June 03, 2021, 03:34:21 AM
You might to develop a software instead of a devuce since.most things these days are done online.
wouldn't that defeat the purpose of protecting the user from keylogger? well, maybe there's no need for a device or a software. the sender and receiver just need to agree with a set of rules for their communication via another channel.
That could be another feature you know, it won't defeat the purpose if it can make your product much more unique than the othere similar products in the market right? A feature that detects keyloggers or a message scrambler so even if there is a keylogger, they wouldn't even have a clue what the user is saying because it is already encrypted.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: dkbit98 on June 03, 2021, 08:55:45 AM
It's for those who don't feel secure about their computers (travelers, paranoiacs...) or need to be 100% sure nobody can read their messages.  
So all of them would have to trust and buy your device that is ''100%'' safe?
It's much easier to use some open source software that would do the same thing than to buy some device that can have backdoors, hidden code and can be affected by supply chain attacks.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: dkbit98 on June 03, 2021, 10:09:33 AM
so you prefer using an open source  soft wallet over a hard wallet?

any memory in the device could be erased pushing a button, you could also erase all memories but your key
Are we now talking about crypto wallets or about your imaginary device used for encrypting keyboards?

I always prefer any open source wallets instead of closed source devices with buttons for erasing memory.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Kakmakr on June 03, 2021, 01:39:06 PM
You know what you can develop is something that Encrypt the Private Key when you have to "sweep" it from your Paper wallet to your desktop wallet.  ;)  It will be nice if someone will not be able to keylog your Private key, when you are in the process to sweep it from cold storage to your Paper Wallet.

So you can go offline when you "Copy" the Private Key, then this software encrypts it and then you go online again and it is in memory in a encrypted format and once you logged into your Online wallet and you Paste it.. it will decrypt it and insert it in the field to sweep the wallet.  ;)

It is always stressful when you have to sweep a wallet and you do not know if it can be intercepted before you are able to sweep it.  ::)


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Ucy on June 03, 2021, 05:06:23 PM
You know what you can develop is something that Encrypt the Private Key when you have to "sweep" it from your Paper wallet to your desktop wallet.  ;)  It will be nice if someone will not be able to keylog your Private key, when you are in the process to sweep it from cold storage to your Paper Wallet.

So you can go offline when you "Copy" the Private Key, then this software encrypts it and then you go online again and it is in memory in a encrypted format and once you logged into your Online wallet and you Paste it.. it will decrypt it and insert it in the field to sweep the wallet.  ;)

It is always stressful when you have to sweep a wallet and you do not know if it can be intercepted before you are able to sweep it.  ::)

I guess it'd be safer to automatically/manually generate encrypted private keys which can be decrypted with keys you previously generated to use for safe decryption of all your future private keys that are encrypted.
You get the encrypted private keys and decrypt them automatically/manually on very secure devices or on secure physical environments.

This ^ is recommended on well decentralized system (on full node) so that no one ever knows your decryption keys


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Kakmakr on June 09, 2021, 11:14:40 AM
You know what you can develop is something that Encrypt the Private Key when you have to "sweep" it from your Paper wallet to your desktop wallet.  ;)  It will be nice if someone will not be able to keylog your Private key, when you are in the process to sweep it from cold storage to your Paper Wallet.

So you can go offline when you "Copy" the Private Key, then this software encrypts it and then you go online again and it is in memory in a encrypted format and once you logged into your Online wallet and you Paste it.. it will decrypt it and insert it in the field to sweep the wallet.  ;)

It is always stressful when you have to sweep a wallet and you do not know if it can be intercepted before you are able to sweep it.  ::)

I guess it'd be safer to automatically/manually generate encrypted private keys which can be decrypted with keys you previously generated to use for safe decryption of all your future private keys that are encrypted.
You get the encrypted private keys and decrypt them automatically/manually on very secure devices or on secure physical environments.

This ^ is recommended on well decentralized system (on full node) so that no one ever knows your decryption keys

I think you missed the suggestion that I made...

What I would like to see ..is some kind of method that will enable you to transfer a "Private Key" in a encrypted state, from say a air-gapped computer or a Paper wallet to a online wallet. So you generate or scan the "Private Key" on another "offline" computer and then you encrypt that key ..before you transfer it to the online wallet.

So when you paste that information in the "Private Key" field, you press a combination of keys and it will automatically decrypt it and you can simply press enter to sweep the wallet to the online wallet. (Example : Electrum)  ;)


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Borilla on June 09, 2021, 04:34:19 PM
You know what you can develop is something that Encrypt the Private Key when you have to "sweep" it from your Paper wallet to your desktop wallet.  ;)  It will be nice if someone will not be able to keylog your Private key, when you are in the process to sweep it from cold storage to your Paper Wallet.

So you can go offline when you "Copy" the Private Key, then this software encrypts it and then you go online again and it is in memory in a encrypted format and once you logged into your Online wallet and you Paste it.. it will decrypt it and insert it in the field to sweep the wallet.  ;)

It is always stressful when you have to sweep a wallet and you do not know if it can be intercepted before you are able to sweep it.  ::)

I guess it'd be safer to automatically/manually generate encrypted private keys which can be decrypted with keys you previously generated to use for safe decryption of all your future private keys that are encrypted.
You get the encrypted private keys and decrypt them automatically/manually on very secure devices or on secure physical environments.

This ^ is recommended on well decentralized system (on full node) so that no one ever knows your decryption keys

I think you missed the suggestion that I made...

What I would like to see ..is some kind of method that will enable you to transfer a "Private Key" in a encrypted state, from say a air-gapped computer or a Paper wallet to a online wallet. So you generate or scan the "Private Key" on another "offline" computer and then you encrypt that key ..before you transfer it to the online wallet.

So when you paste that information in the "Private Key" field, you press a combination of keys and it will automatically decrypt it and you can simply press enter to sweep the wallet to the online wallet. (Example : Electrum)  ;)


I thought that sweeping private keys meant you sign a transaction that sends all your coins to a new address. Which is safe.

Sending a private key, or even have it on my screen is way to risky for me. But if you had to send something secret , like a key, to an online wallet then this wallet should provide their public key so you can have a secure communication.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: eckmar on June 09, 2021, 07:34:22 PM
I had an idea about my device: offer plans to build it yourself. Buy your components, and build it. Reading about Anom today makes me upset that simple multiplication on a device could have prevented all this. Seeing also that so much money is put into security... I don't understand why nobody has built such thing yet.
My device has the convenience to work immediately with no previous data/key shared between the protagonists, with an en/decryption key by key (you can chat live and decrypt any word real time). But a scheme with shared data/key and the whole message encrypted and  then decrypted is much simpler to realize and as safe (just less cool)



How do you plan to accomplish that without key exchange? One of the most important elements of secure communication is key exchange, there are even algorithms developed to do just that. If you are not going to do that, then you must set a pre shared key when you ship this so called device. Even if you don't do that, and want users to generate keys themselves, what are you going to do then? How are you going to input the public key of other party into the device securely? (Assuming you are talking about asymmetric encryption)


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: eckmar on June 11, 2021, 01:31:11 PM
I had an idea about my device: offer plans to build it yourself. Buy your components, and build it. Reading about Anom today makes me upset that simple multiplication on a device could have prevented all this. Seeing also that so much money is put into security... I don't understand why nobody has built such thing yet.
My device has the convenience to work immediately with no previous data/key shared between the protagonists, with an en/decryption key by key (you can chat live and decrypt any word real time). But a scheme with shared data/key and the whole message encrypted and  then decrypted is much simpler to realize and as safe (just less cool)



How do you plan to accomplish that without key exchange? One of the most important elements of secure communication is key exchange, there are even algorithms developed to do just that. If you are not going to do that, then you must set a pre shared key when you ship this so called device. Even if you don't do that, and want users to generate keys themselves, what are you going to do then? How are you going to input the public key of other party into the device securely? (Assuming you are talking about asymmetric encryption)

Both generate their own secret and public keys. Then the devices can listen and extract a number from the same source on the internet: like NIST beacon or any blockchain. This is how you can start chatting right away with any one owning the same device.

If the device is connected to the internet, and is getting keys from internet, that defeats purpose of it. Man in the middle attacks are much simpler to perform than breaking the encryption. I think your imagination got away from you, you need to be more realistic.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Borilla on June 12, 2021, 03:58:42 PM
sorry I was contacted by people interested to produce this device and for now they want me to erase all my answers


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: PrimeNumber7 on June 13, 2021, 12:31:02 AM
I thought about a device that can encrypt what you type character after character! You type a character it is encrypted directly between your keyboard and your computer. What you see on your screen is another character.

<>
 So even if you have a keylogger malware you can send secure messages.
Are you saying that if I typed "x" that something other than "x" would be displayed? Or would the screen display "x"?

If it is the former, you may as well not display anything. And the arguments about the time to decrypt would be moot. If it is the latter, it would not actually prevent keyloggers. Someone with access to your computer would be able to know that you pressed "x". The decryption key would also need to be stored in RAM, so an attacker would be able to obtain the decryption key and decrypt messages. The only thing this setup would protect against would be a device that a keyboard is plugged into that plugs into your computer.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: eckmar on June 14, 2021, 01:06:05 PM
sorry I was contacted by people interested to produce this device and for now they want me to erase all my answers

yeah right...

I thought about a device that can encrypt what you type character after character! You type a character it is encrypted directly between your keyboard and your computer. What you see on your screen is another character.

<>
 So even if you have a keylogger malware you can send secure messages.
Are you saying that if I typed "x" that something other than "x" would be displayed? Or would the screen display "x"?

If it is the former, you may as well not display anything. And the arguments about the time to decrypt would be moot. If it is the latter, it would not actually prevent keyloggers. Someone with access to your computer would be able to know that you pressed "x". The decryption key would also need to be stored in RAM, so an attacker would be able to obtain the decryption key and decrypt messages. The only thing this setup would protect against would be a device that a keyboard is plugged into that plugs into your computer.

I don't think its any use of explaining that to the OP. If you take a look at the thread, a few different people tried to explained why it won't work for different reasons but OP doesn't understand any of the answers. He is obviously not a developer, and doesn't have a technical background. This is just a wild imagination.



Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: NeuroticFish on June 14, 2021, 01:42:50 PM
a device that can encrypt what you type character after character

Um, I fear that such a device's "encryption" will only create permutations (mix up) of the actual printable characters. And I am not convinced it will work properly with unexpectedly large character sets.
Also, if the hacker expects an user types mostly in a certain language, it won't be too difficult to find the key based on what characters come out most often.

a few different people tried to explained why it won't work for different reasons but OP doesn't understand any of the answers. He is obviously not a developer, and doesn't have a technical background. This is just a wild imagination.

I hope that my explanation is simpler  ;D
And yeah, it won't work, not like that.


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: Borilla on June 15, 2021, 06:40:29 PM
you guys are funny I come with a specific question but you can't help to assume and judge not even answering

I feel sorry for you eckmar, I answered all your questions and you still can't get a clue or pass your own mental restrictions
You legendary badge won't protect from ridicule lol

I erased some answers because otherwise the idea isn't patentable and I  just want someone to build it


Title: Re: How many would be interested to have a device that encrypt directly what u type?
Post by: NotATether on June 15, 2021, 06:58:12 PM
sorry I was contacted by people interested to produce this device and for now they want me to erase all my answers

Why? bitcointalk.org posts (particularly threads topics with ideas in them such as yours) are NOT eligible for patent protection.