On 03/05/2026 10:28, Marco Moock via Gnupg-users wrote:
> On 02.05.26 at 23:05, rca via Gnupg-users wrote:
>> I convinced some of my co-workers to use GPG; we have been using it
>> to secure some emails/WhatsApp messages, but your email got me
>> thinking about keyloggers. Are there some security recommendations to
>> stay safe from it?
>
> If you have a software keylogger, you need to know the source of it.
> Check from where you install software and reduce the sources to the
> lowest possible. Avoid proprietary software and support groups who
> do code reviews to make backdoors less easy.
>
> There is still the risk that someone in the supply chain places
> malware inside, see the ssh/liblzma issue.

However, for the hardware keyloggers that can be plugged into relevant
cables (such as keyboard cables), physical security is the only known
defence, as only the bad ones cause readily identifiable signal
interference that might be detectable with special defence software.

Software keyboards avoid wiretaps on hardware keyboards but are wide
open to software attacks and weaknesses, plus the risk of remote screen
monitoring to observe key entry.

The FIPS-140 solution is to have a dedicated keyboard for key entry,
wired directly to the hardware component that processes the key; for
example, some smart card readers with keypads only provide the pin code
digits to the secure chip in the smartcard, not to the attached computer,
and Microsoft operating systems refuse to support those readers by
insisting that the pin code is provided as standard keystrokes to the
Windows pincode entry user interface.

Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
Gnupg-users mailing list
https://lists.gnupg.org/mailman/listinfo/gnupg-users