Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Most common keystroke loggers?

From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 01 Dec 2005 16:48:30 -0800
Kyle Lutze wrote:
say somebody's password is foobar, on screen there would be a page that shows the new alignment of characters,such as saying a=c, d=3, b=z, etc. so instead of typing foobar the password they would type in for that session would be hnnzck.
The next time the screen came up, it would be a=n, b=l, etc. and the password they would enter would be something else. Then, if the computer had a keylogger, not too much anybody could do with that info.
If the only threat in the world were keyloggers, there are many schemes you could use. My main point is that if your computer is fully compromised and the attacker can adapt, there's no scheme you can up by adding just software to the existing client computers that will help.
Second, the scheme you just proposed is a monoalphabetic substitution cipher. The are considered somewhat weak, i.e. they print them in the newspaper to be solved with a pencil during your communte. 

                                                BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: