[118764] in Cypherpunks
Scheme to beat all keyboard sniffers
daemon@ATHENA.MIT.EDU (Gary Jeffers)
Thu Oct 7 16:03:17 1999
Message-ID: <19991007193128.86370.qmail@hotmail.com>
From: "Gary Jeffers" <jeffersgary@hotmail.com>
To: cypherpunks@cyberpass.net
Date: Thu, 07 Oct 1999 14:31:28 CDT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Reply-To: "Gary Jeffers" <jeffersgary@hotmail.com>
Scheme to beat all keyboard sniffers
A S D F G H J K L ; ' - The static keyboard representation
- - - - - - - - - - -
i b w t j q d m r p s - The variable crypt correspondents
Sunder's cross post "hw keyboard sniffers" demonstrates the necessity of
making a keyboard ANTI- sniffer routine. It is obvious
that the great majority of users would be helpless against the
sniffer product.
Historically, computer threats have come mostly from viruses
whose business is to replicate and sometimes destroy data. I believe
that we are moving into an era where the major threat to our
computers will be control and, especially, surveillance.
The problem of getting past all hardware sniffers is that a
scheme for doing it would probably mean slow input. Most of us
are trained in touch typing with a "standard" keyboard.
I think that I have a way around this problem. Above, I have a
layout for a screen representation with scheme that could surely bypass any
sniffer while allowing fast input.
The uppercase and underlined line represents a part of the
keyboard. An actual implementation would map all the data keys of
the keyboard. The upper case line represents the characters that
you would like to enter. It is also unchanging - static. The lower case line
represents the "crypt" correspondences to the static line
keys. The crypt line characters are variable.
Lets say you want to enter "a". You see that its crypt
correspondent is "i". So, you touch type "i". This enters your "a".
Immediately after, a strong crypt function substitutes another
letter to replace the "i" - say "z". The "i" has been "used up" on
one use. This will prevent a cryptanalyst from getting plain text.
This scheme is a program function rather than a standalone
program. It would be a module that could be used in many high
security applications. Such as, simple word processors and in
security products that required a secure entry of a pass phrase
or pass word. It could also be used in a product that required
secure strings or other data. etc.....
Yours Truly,
Gary Jeffers
BEAT STATE!!!!!!
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
