Bitcoin Forum
May 14, 2024, 01:37:35 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Other > Beginners & Help > problem of keyloggers...
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: problem of keyloggers...  (Read 779 times)
preventkeylogging (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
June 19, 2011, 02:10:04 PM
 #1
I run ubuntu, and everytime I need sudo, the interface halts and prompts me for password.. I would like to believe that the OS at this point does not relay keystrokes to other software at that time (even if they requested to receive keyboard input). How hard can it be to have only kernel or X window system have access to wallet.dat, and not propagating keyboard events when giving a password to temporarily decrypt a wallet.dat?
You get merit points when someone likes your post enough to give you some. And for every 2 merit points you receive, you can send 1 merit point to someone else!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1715650655
Hero Member
*
Offline Offline

Posts: 1715650655

View Profile Personal Message (Offline)

Ignore
1715650655
1715650655
Reply with quote  #2
1715650655
Report to moderator
BitCoinBarter
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
June 19, 2011, 05:53:49 PM
 #2
preventkeylogging,

I do not have an answer for your question. Hopefully someone else does and will post it.

Why did I post (since this post is not helping  Smiley)?
I believe that the OS would relay keystrokes even when you use sudo.

I could be wrong and I hope I am.
Joise
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
June 19, 2011, 06:30:40 PM
 #3
If you use X windows, every keystroke goes through the X server and in theory, keystrokes can be grabbed.

I am not aware whether that is a problem. If you want to avoid that risk completely, you would decrypt the wallet in a console window which can't accessed by other running programs for input at the same time.

However the most important thing for a Linux system is to assure that no untrusted software runs within the system or the user space. The reason for that is if evil programs cannot do keylogging, they could do other malicious things, for example replace the bitcoin executable. The good point is that almost all programs are protected by their file permissions. That makes it relatively hard to get malware in.

An option is to use SELinux (poorly supported by Ubuntu so far, but much better by Red Hat), which restricts many of the unused freedoms programs may have.

The first thing you would do to enhance security is to use no or only a minimal web browser, as their plugins are located often in user space. Next you could strip down the system to contain only the most necessary subset of software. What is not there can't be hacked.

So for high-security demands you could end up with a system featuring SELinux, a stripped down install, a console bitcoin client and only minimal software.
Pages: [1]
  Print  
Bitcoin Forum > Other > Beginners & Help > problem of keyloggers...
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!