[REQ] Anti-keylogger features | Bitcointalksearch.org

kjj

legendary

Activity: 1302

Merit: 1026

Quote from: etotheipi on September 02, 2013, 01:29:19 PM

If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer.

Quote from: gmaxwell on September 02, 2013, 08:55:35 PM

Bitcoin specific malware is a point and click choice now in malware authoring tools. I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.

The proper solution, of course, is to practice good computer hygiene so that you don't get malware. As has already been pointed out, it is foolish to hope for only "dumb" malware.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

I've seen KeyScrambler, but I would never pay for it. There's also NeoSafeKeys, which is free.

gmaxwell

staff

Activity: 4284

Merit: 8808

Bitcoin specific malware is a point and click choice now in malware authoring tools. I do not see much value in anti-malware data entry, especially since it penalizes users from choosing passphrases which are long enough to withstand strong guessing attacks.

tsoPANos

hero member

Activity: 602

Merit: 500

In math we trust.

Quote from: etotheipi on September 02, 2013, 01:29:19 PM

Quote from: tsoPANos on September 02, 2013, 12:41:34 PM

Quote from: favdesu on September 02, 2013, 09:33:25 AM

startpaged it, found this:

Quote

I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.

No, I'm not intending to integrate third party software!
A built-in keylogger protector, which encrypts the keystrokes, like this.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

Quote from: etotheipi on September 02, 2013, 10:29:24 AM

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalksearch.org/topic/m.1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.

Any possibility of implementing this?
using the mouse is weak, as many malware programs screen-capture.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer.

This gives you a little extra protection against "simple" keyloggers, but nothing more. I haven't looked too much at that website, but it sounds like snake oil. Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway. WHich is what this scrambled keyboard does.

OK, now I got the point.
Keyloggers can dump the address the moment when the wallet program decrypts the wallet.dat. Is it possible to keep the wallet encrypted inside the memory? Sorry if I'm asking noob questions, my coding experience is something sit further than 'hello world!'

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

Quote from: tsoPANos on September 02, 2013, 12:41:34 PM

Quote from: favdesu on September 02, 2013, 09:33:25 AM

startpaged it, found this:

Quote

I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.

No, I'm not intending to integrate third party software!
A built-in keylogger protector, which encrypts the keystrokes, like this.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

Quote from: etotheipi on September 02, 2013, 10:29:24 AM

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalksearch.org/topic/m.1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.

Any possibility of implementing this?
using the mouse is weak, as many malware programs screen-capture.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

If the malware is advanced/integrated enough to record mouseclicks, screenshots, and implement OCR to identify the characters being clicked, it's advanced enough to pull your private keys out of RAM when you unlock your wallet. At that point, the only thing that will protect you is to use an offline computer.

This gives you a little extra protection against "simple" keyloggers, but nothing more. I haven't looked too much at that website, but it sounds like snake oil. Your keystrokes have to make it to the application decrypted at some point, so you're probably removing only the simplest of keyloggers with that 3rd party tool anyway. WHich is what this scrambled keyboard does.

tsoPANos

hero member

Activity: 602

Merit: 500

In math we trust.

Quote from: favdesu on September 02, 2013, 09:33:25 AM

startpaged it, found this:

Quote

I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.

No, I'm not intending to integrate third party software!
A built-in keylogger protector, which encrypts the keystrokes, like this.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

Quote from: etotheipi on September 02, 2013, 10:29:24 AM

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalksearch.org/topic/m.1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.

Any possibility of implementing this?
using the mouse is weak, as many malware programs screen-capture.
http://www.qfxsoftware.com/ks-windows/how-it-works.htm

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

By the way, Armory has anti-keylogging option for entering your password.

https://bitcointalksearch.org/topic/m.1761230

It simply allows you to use the mouse to click your password, and it randomizes the key layout so that something recording mouse clicks doesn't know what's being clicked. It's not a silver bullet against anything, but it's built-in and not any worse than using the keyboard.

favdesu

legendary

Activity: 1764

Merit: 1000

startpaged it, found this:

Quote

I would never install a software that has access to all my passwords and other information from a company that is unknown.

sounds reasonable, the client/s are safe because they don't relay on 3rd party tools.

tsoPANos

hero member

Activity: 602

Merit: 500

In math we trust.

I would be really be excited if you're kind enough to add anti-keylogging features.
For example, this program adds anti-keylogging feautures on the most popular browsers.
http://www.qfxsoftware.com/
I think it would be possible to do this for Bitcoin-Qt! Roll Eyes

Topic: [REQ] Anti-keylogger features (Read 1190 times)