Bitcoin Forum
December 09, 2016, 02:24:05 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: sending keystrokes from one computer to another  (Read 1945 times)
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 28, 2011, 11:26:20 PM
 #1

heres what i would like to do

i want to have keepass set up on an offline computer to send passwords via usb or some other cable to a computer to log in. it does not need to be keepass, but it would be nice and easy if it was since all my passwords are in keepass already.

is this possible? it doesn't need to be usb, and i don't really want to use a VNC.

i want to do this to avoid one of the biggest problems with keepass, if my computer were to get infected, it would be very bad because the password DB could easily get stolen, along with all of my accounts.

1481250245
Hero Member
*
Offline Offline

Posts: 1481250245

View Profile Personal Message (Offline)

Ignore
1481250245
Reply with quote  #2

1481250245
Report to moderator
1481250245
Hero Member
*
Offline Offline

Posts: 1481250245

View Profile Personal Message (Offline)

Ignore
1481250245
Reply with quote  #2

1481250245
Report to moderator
1481250245
Hero Member
*
Offline Offline

Posts: 1481250245

View Profile Personal Message (Offline)

Ignore
1481250245
Reply with quote  #2

1481250245
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
ovidiusoft
Sr. Member
****
Offline Offline

Activity: 252


View Profile
September 29, 2011, 07:33:32 AM
 #2

If your computer were to be infected, your passwords can be sniffed no matter where you "type" them from: keyboard, local keepass or keepass on another computer.

Just don't get infected. Use a operating system that's secured by design (Linux), use a live CD, switch to OTP/two-factor auth whenever possible, don't run software from unverified sources, don't random click on any link, read error/warning messages.

If you want to be super-extra-paranoid, you could run keepass on an unconnected computer (and I mean *really* unconnected, don't even use a USB cable). When you need to log in, you read the password from the keepass' computer screen and type it on your main computer's keyboard. If at any point you get infected, only the passwords you used in the infection-to-detection window will be compromised. For some more extra paranoia, you should change all your passwords regularly, using the Linux live CD I mentioned.
Exonumia
Full Member
***
Offline Offline

Activity: 190



View Profile
September 29, 2011, 08:52:31 AM
 #3

heres what i would like to do

i want to have keepass set up on an offline computer to send passwords via usb or some other cable to a computer to log in. it does not need to be keepass, but it would be nice and easy if it was since all my passwords are in keepass already.

is this possible? it doesn't need to be usb, and i don't really want to use a VNC.

i want to do this to avoid one of the biggest problems with keepass, if my computer were to get infected, it would be very bad because the password DB could easily get stolen, along with all of my accounts.

I currently use an old ipod touch and "MyKeePass" (an iOS KeePass 1.0 compatable app) for my very serious passwords. It is not on wifi and doesn't get updated, although it does get synched to a offline machine now and again.

I have been thinking of this very concept lately. I am toying currently with the idea of building an ios or android app that will let me turn an ipod/android device into a usb keyboard device ( with a sanitized send only setup of some sort )... of course keylogger would still pickup the pasted password, but, would be easier than typing it in each time ( which is how I am having to do it now Wink ).

It would also be cool to perform something like KeePass2.0's Two Channel Obfuscation... will have to gander at their implementation in the source.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 29, 2011, 06:51:40 PM
 #4

so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

ovidiusoft
Sr. Member
****
Offline Offline

Activity: 252


View Profile
September 30, 2011, 07:20:48 AM
 #5

so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

It's sad that you consider my reply "pointless ramblings". I was just trying to help you realize that you're planning for failure. If your computer gets infected there is NO way to protect your accounts, nu matter where you store your passwords. Since you're not willing to accept that, please allow me to retract my advice. Also, I do believe there are ways to emulate a keyboard via USB and I hope you'll find one that suits you.
freequant
Hero Member
*****
Offline Offline

Activity: 700


View Profile
October 01, 2011, 07:10:26 PM
 #6

so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

Maybe mentioning which OS your are using on both boxes would help.
If you are under linux, you can simply echo your password in the serial port device (/dev/ttys0 or whatever it named on your system) and it will simulate keystrokes provided that both ends use the same baud rate and framing. I haven't tried with USB, but that should work just the same.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
October 01, 2011, 07:14:17 PM
 #7

so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

Maybe mentioning which OS your are using on both boxes would help.
If you are under linux, you can simply echo your password in the serial port device (/dev/ttys0 or whatever it named on your system) and it will simulate keystrokes provided that both ends use the same baud rate and framing. I haven't tried with USB, but that should work just the same.

i use windows on the main machine, but i can instal Linux on the other if needed. although i am a novice Linux user and would not know how to configure it, so it would probably not be a secure as a windows machine i set up. although i have started getting a feel for it, so i could adjust, and probably should so i can use both.

cruikshank
Member
**
Offline Offline

Activity: 84


View Profile
October 10, 2011, 09:36:59 AM
 #8

If you have only a hand full of sites you use keepass with, you might want to see if this is something that could work for you:
http://blog.jgc.org/2010/12/write-your-passwords-down.html

And there is a site that has a generator using Java SHA1PRNG Algorithm here: http://crackneck.com/miniProjects/tabulaRecta.cfm

What it lacks in the convenience that keepass has with auto-filling in credentials, it makes up for in security since malware or a hard drive crash wouldn't affect it. And since no one would know what it is if they came across it or how you decided the site and password algorithm you could print out multiple copies to have easy backups.

1JvnFCbMXAyeooPggF9snLAeg3A2QVV8eh
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!