Author

Topic: sending keystrokes from one computer to another (Read 2209 times)

member
Activity: 84
Merit: 10
October 10, 2011, 04:36:59 AM
#8
If you have only a hand full of sites you use keepass with, you might want to see if this is something that could work for you:
http://blog.jgc.org/2010/12/write-your-passwords-down.html

And there is a site that has a generator using Java SHA1PRNG Algorithm here: http://crackneck.com/miniProjects/tabulaRecta.cfm

What it lacks in the convenience that keepass has with auto-filling in credentials, it makes up for in security since malware or a hard drive crash wouldn't affect it. And since no one would know what it is if they came across it or how you decided the site and password algorithm you could print out multiple copies to have easy backups.
sr. member
Activity: 350
Merit: 251
so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

Maybe mentioning which OS your are using on both boxes would help.
If you are under linux, you can simply echo your password in the serial port device (/dev/ttys0 or whatever it named on your system) and it will simulate keystrokes provided that both ends use the same baud rate and framing. I haven't tried with USB, but that should work just the same.

i use windows on the main machine, but i can instal Linux on the other if needed. although i am a novice Linux user and would not know how to configure it, so it would probably not be a secure as a windows machine i set up. although i have started getting a feel for it, so i could adjust, and probably should so i can use both.
hero member
Activity: 770
Merit: 500
so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

Maybe mentioning which OS your are using on both boxes would help.
If you are under linux, you can simply echo your password in the serial port device (/dev/ttys0 or whatever it named on your system) and it will simulate keystrokes provided that both ends use the same baud rate and framing. I haven't tried with USB, but that should work just the same.
sr. member
Activity: 252
Merit: 250
so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?

It's sad that you consider my reply "pointless ramblings". I was just trying to help you realize that you're planning for failure. If your computer gets infected there is NO way to protect your accounts, nu matter where you store your passwords. Since you're not willing to accept that, please allow me to retract my advice. Also, I do believe there are ways to emulate a keyboard via USB and I hope you'll find one that suits you.
sr. member
Activity: 350
Merit: 251
so aside from the pointless ramblings of don't get infected, there is no solution for me to emulate a keyboard to send keystroke?
full member
Activity: 189
Merit: 101
heres what i would like to do

i want to have keepass set up on an offline computer to send passwords via usb or some other cable to a computer to log in. it does not need to be keepass, but it would be nice and easy if it was since all my passwords are in keepass already.

is this possible? it doesn't need to be usb, and i don't really want to use a VNC.

i want to do this to avoid one of the biggest problems with keepass, if my computer were to get infected, it would be very bad because the password DB could easily get stolen, along with all of my accounts.

I currently use an old ipod touch and "MyKeePass" (an iOS KeePass 1.0 compatable app) for my very serious passwords. It is not on wifi and doesn't get updated, although it does get synched to a offline machine now and again.

I have been thinking of this very concept lately. I am toying currently with the idea of building an ios or android app that will let me turn an ipod/android device into a usb keyboard device ( with a sanitized send only setup of some sort )... of course keylogger would still pickup the pasted password, but, would be easier than typing it in each time ( which is how I am having to do it now Wink ).

It would also be cool to perform something like KeePass2.0's Two Channel Obfuscation... will have to gander at their implementation in the source.
sr. member
Activity: 252
Merit: 250
If your computer were to be infected, your passwords can be sniffed no matter where you "type" them from: keyboard, local keepass or keepass on another computer.

Just don't get infected. Use a operating system that's secured by design (Linux), use a live CD, switch to OTP/two-factor auth whenever possible, don't run software from unverified sources, don't random click on any link, read error/warning messages.

If you want to be super-extra-paranoid, you could run keepass on an unconnected computer (and I mean *really* unconnected, don't even use a USB cable). When you need to log in, you read the password from the keepass' computer screen and type it on your main computer's keyboard. If at any point you get infected, only the passwords you used in the infection-to-detection window will be compromised. For some more extra paranoia, you should change all your passwords regularly, using the Linux live CD I mentioned.
sr. member
Activity: 350
Merit: 251
heres what i would like to do

i want to have keepass set up on an offline computer to send passwords via usb or some other cable to a computer to log in. it does not need to be keepass, but it would be nice and easy if it was since all my passwords are in keepass already.

is this possible? it doesn't need to be usb, and i don't really want to use a VNC.

i want to do this to avoid one of the biggest problems with keepass, if my computer were to get infected, it would be very bad because the password DB could easily get stolen, along with all of my accounts.
Jump to: