Bitcoin Forum
December 13, 2017, 08:01:39 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [REQ] Anti-keylogger features  (Read 1080 times)
tsoPANos
Hero Member
*****
Offline Offline

Activity: 560

Don't let them take away your potential. Fight.


View Profile
September 02, 2013, 02:16:39 PM
 #1

I would be really be excited if you're kind enough to add anti-keylogging features.
For example, this program adds anti-keylogging feautures on the most popular browsers.
http://www.qfxsoftware.com/
I think it would be possible to do this for Bitcoin-Qt!   Roll Eyes
1513152099
Hero Member
*
Offline Offline

Posts: 1513152099

View Profile Personal Message (Offline)

Ignore
1513152099
Reply with quote  #2

1513152099
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
favdesu
Legendary
*
Offline Offline

Activity: 1260



View Profile WWW
September 02, 2013, 02:33:25 PM
 #2

startpaged it, found this:

Quote
I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.

How to Buy BitShares & EOS ►Click Here
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 02, 2013, 03:29:24 PM
 #3

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked.  It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
tsoPANos
Hero Member
*****
Offline Offline

Activity: 560

Don't let them take away your potential. Fight.


View Profile
September 02, 2013, 05:41:34 PM
 #4

startpaged it, found this:

Quote
I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.
No, I'm not intending to integrate third party software!
A built-in keylogger protector, which encrypts the keystrokes, like this.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked.  It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.
Any possibility of implementing this?
using the mouse is weak, as many malware programs screen-capture.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 02, 2013, 06:29:19 PM
 #5

startpaged it, found this:

Quote
I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.
No, I'm not intending to integrate third party software!
A built-in keylogger protector, which encrypts the keystrokes, like this.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked.  It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.
Any possibility of implementing this?
using the mouse is weak, as many malware programs screen-capture.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm


If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet.  At that point, the only thing that will protect you is to use an offline computer.

This gives you a little extra protection against "simple" keyloggers, but nothing more.  I haven't looked too much at that website, but it sounds like snake oil.  Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway.  WHich is what this scrambled keyboard does.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
tsoPANos
Hero Member
*****
Offline Offline

Activity: 560

Don't let them take away your potential. Fight.


View Profile
September 02, 2013, 06:50:49 PM
 #6

startpaged it, found this:

Quote
I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.
No, I'm not intending to integrate third party software!
A built-in keylogger protector, which encrypts the keystrokes, like this.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalk.org/index.php?topic=56424.msg1761230#msg1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked.  It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.
Any possibility of implementing this?
using the mouse is weak, as many malware programs screen-capture.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm


If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet.  At that point, the only thing that will protect you is to use an offline computer.

This gives you a little extra protection against "simple" keyloggers, but nothing more.  I haven't looked too much at that website, but it sounds like snake oil.  Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway.  WHich is what this scrambled keyboard does.
OK, now I got the point.
Keyloggers can dump the address the moment when the wallet program decrypts the wallet.dat. Is it possible to keep the wallet encrypted inside the memory? Sorry if I'm asking noob questions, my coding experience is something sit further than 'hello world!'
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2366



View Profile
September 03, 2013, 01:55:35 AM
 #7

Bitcoin specific malware is a point and click choice now in malware authoring tools.  I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.


Bitcoin will not be compromised
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
September 03, 2013, 05:17:08 AM
 #8

I've seen KeyScrambler, but I would never pay for it. There's also NeoSafeKeys, which is free.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
September 03, 2013, 11:12:29 AM
 #9

If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet.  At that point, the only thing that will protect you is to use an offline computer.

Bitcoin specific malware is a point and click choice now in malware authoring tools.  I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.

The proper solution, of course, is to practice good computer hygiene so that you don't get malware.  As has already been pointed out, it is foolish to hope for only "dumb" malware.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!