[118767] in Cypherpunks
Re: Scheme to beat all keyboard sniffers
daemon@ATHENA.MIT.EDU (Sean Roach)
Thu Oct 7 17:22:36 1999
Message-Id: <3.0.6.32.19991007154152.0084c100@mail.intplsrv.net>
Date: Thu, 07 Oct 1999 15:41:52 -0500
To: cypherpunks@algebra.com
From: Sean Roach <roach_s@mail.intplsrv.net>
In-Reply-To: <19991007193128.86370.qmail@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Sean Roach <roach_s@mail.intplsrv.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 02:31 PM 10/7/99 CDT, Gary Jeffers supposedly wrote:
>
> Scheme to beat all keyboard sniffers
>
>
>A S D F G H J K L ; ' - The static keyboard representation
>- - - - - - - - - - -
>
>i b w t j q d m r p s - The variable crypt correspondents
>
> Sunder's cross post "hw keyboard sniffers" demonstrates the
> necessity of
>making a keyboard ANTI- sniffer routine. It is obvious
>that the great majority of users would be helpless against the
>sniffer product.
>
> Historically, computer threats have come mostly from viruses
>whose business is to replicate and sometimes destroy data. I believe
>that we are moving into an era where the major threat to our
>computers will be control and, especially, surveillance.
>
> The problem of getting past all hardware sniffers is that a
>scheme for doing it would probably mean slow input. Most of us
>are trained in touch typing with a "standard" keyboard.
>
> I think that I have a way around this problem. Above, I have a
>layout for a screen representation with scheme that could surely
>bypass any sniffer while allowing fast input.
>
> The uppercase and underlined line represents a part of the
>keyboard. An actual implementation would map all the data keys of
>the keyboard. The upper case line represents the characters that
>you would like to enter. It is also unchanging - static. The lower
>case line represents the "crypt" correspondences to the static line
>keys. The crypt line characters are variable.
>
> Lets say you want to enter "a". You see that its crypt
>correspondent is "i". So, you touch type "i". This enters your "a".
>Immediately after, a strong crypt function substitutes another
>letter to replace the "i" - say "z". The "i" has been "used up" on
>one use. This will prevent a cryptanalyst from getting plain text.
>
> This scheme is a program function rather than a standalone
>program. It would be a module that could be used in many high
>security applications. Such as, simple word processors and in
>security products that required a secure entry of a pass phrase
>or pass word. It could also be used in a product that required
>secure strings or other data. etc.....
>
>Yours Truly,
>Gary Jeffers
>
>BEAT STATE!!!!!!
I doubt many would be content to use such a convoluted system. I
certainly wouldn't.
BTW, the Gary Jeffers who normally writes here uses a different
e-mail address. Who are you? Then again, this does seem to match
his posts in my less than informed judgement.
Sean Roach
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN/0FhZHDoiHtqFDZEQLt7ACeIGGksv/IVbagI6kaOScNSAI0bu8AoJq2
vmXbSO4EuuDXiWZtC88AYbn8
=xdff
-----END PGP SIGNATURE-----
