|
tsoPANos (OP)
|
 |
September 02, 2013, 02:16:39 PM |
|
I would be really be excited if you're kind enough to add anti-keylogging features. For example, this program adds anti-keylogging feautures on the most popular browsers. http://www.qfxsoftware.com/I think it would be possible to do this for Bitcoin-Qt!  |
|
|
|
|
favdesu
Legendary
 Offline
Activity: 1764
Merit: 1000
|
|
September 02, 2013, 02:33:25 PM |
|
startpaged it, found this: I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. |
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
September 02, 2013, 03:29:24 PM |
|
By the way, Armory has anti-keylogging option for entering your password. https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. |
|
|
|
|
tsoPANos (OP)
|
|
September 02, 2013, 05:41:34 PM |
|
startpaged it, found this: I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. No, I'm not intending to integrate third party software! A built-in keylogger protector, which encrypts the keystrokes, like this. http://www.qfxsoftware.com/ks-windows/how-it-works.htmBy the way, Armory has anti-keylogging option for entering your password. https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. Any possibility of implementing this? using the mouse is weak, as many malware programs screen-capture. http://www.qfxsoftware.com/ks-windows/how-it-works.htm |
|
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
September 02, 2013, 06:29:19 PM |
|
startpaged it, found this: I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. No, I'm not intending to integrate third party software! A built-in keylogger protector, which encrypts the keystrokes, like this. http://www.qfxsoftware.com/ks-windows/how-it-works.htmBy the way, Armory has anti-keylogging option for entering your password. https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. Any possibility of implementing this? using the mouse is weak, as many malware programs screen-capture. http://www.qfxsoftware.com/ks-windows/how-it-works.htmIf the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer. This gives you a little extra protection against "simple" keyloggers, but nothing more. I haven't looked too much at that website, but it sounds like snake oil. Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway. WHich is what this scrambled keyboard does. |
|
|
|
|
tsoPANos (OP)
|
|
September 02, 2013, 06:50:49 PM |
|
startpaged it, found this: I would never install a software that has access to all my passwords and other information from a company that is unknown. sounds reasonable, the client/s are safe because they don't relay on 3rd party tools. No, I'm not intending to integrate third party software! A built-in keylogger protector, which encrypts the keystrokes, like this. http://www.qfxsoftware.com/ks-windows/how-it-works.htmBy the way, Armory has anti-keylogging option for entering your password. https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard. Any possibility of implementing this? using the mouse is weak, as many malware programs screen-capture. http://www.qfxsoftware.com/ks-windows/how-it-works.htmIf the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer. This gives you a little extra protection against "simple" keyloggers, but nothing more. I haven't looked too much at that website, but it sounds like snake oil. Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway. WHich is what this scrambled keyboard does. OK, now I got the point. Keyloggers can dump the address the moment when the wallet program decrypts the wallet.dat. Is it possible to keep the wallet encrypted inside the memory? Sorry if I'm asking noob questions, my coding experience is something sit further than 'hello world!' |
|
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4200
Merit: 8439
|
|
September 03, 2013, 01:55:35 AM |
|
Bitcoin specific malware is a point and click choice now in malware authoring tools. I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.
|
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
September 03, 2013, 05:17:08 AM |
|
I've seen KeyScrambler, but I would never pay for it. There's also NeoSafeKeys, which is free.
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
September 03, 2013, 11:12:29 AM |
|
If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer.
Bitcoin specific malware is a point and click choice now in malware authoring tools. I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.
The proper solution, of course, is to practice good computer hygiene so that you don't get malware. As has already been pointed out, it is foolish to hope for only "dumb" malware. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
