David Irvine <[EMAIL PROTECTED]> writes:

[...]

> Apart from that, what is the most effective way of entering a
> password to stop keyloggers? I have been racking my brain thinking of
> a defeat for them but can't come up with one yet, although I'm sure
> there is an answer somewhere.

Consider the use of one-time passwords.  A Google search for this
phrase turns up most of the interesting information; RSA's SecurID is
a popular example.

Challenge-response mechanisms, with the response calculated on a
device completely controlled by the user (such as a cellphone, PDA, or
specialized device), are a similar idea.  S/Key is a well-known
example of this, although there may be newer ones.

Both of these are vulnerable to man-in-the-middle attacks, but will
significantly reduce risk, and protect you from keyloggers that don't
transmit their results within a few seconds after they are sent.

These probably don't present turnkey solutions to your immediate
problem, but will hopefully get you pointed in a useful direction.

Good luck,

-----Scott.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
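
The replay resistance discussed in the reply above, as an added example that is not part of the original message: a Lamport hash chain, the construction S/Key is built on, with SHA-256 standing in for S/Key's original MD4. The names `chain`, `Verifier` and `demo` are hypothetical and the secret and seed are constructed sample values.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    # SHA-256 is an assumption made for this example; original S/Key used MD4.
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply the hash n times to secret+seed (done on the user's own device)."""
    value = secret + seed
    for _ in range(n):
        value = h(value)
    return value


class Verifier:
    """Server side: keeps only the last accepted chain value, never the secret."""

    def __init__(self, initial: bytes, count: int):
        self.stored = initial      # h^count(secret+seed), set at enrollment
        self.count = count         # next login must present h^(count-1)

    def challenge(self) -> int:
        return self.count - 1      # sequence number the user must compute

    def login(self, otp: bytes) -> bool:
        if self.count <= 1:
            return False           # chain exhausted: re-enroll with a new seed
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp          # accepted value becomes the new reference
        self.count -= 1
        return True


def demo() -> dict:
    secret, seed = b"constructed passphrase", b"ke1234"   # constructed sample values
    server = Verifier(chain(secret, seed, 100), 100)
    otp = chain(secret, seed, server.challenge())         # typed on the untrusted host
    first = server.login(otp)                             # legitimate login
    replay = server.login(otp)                            # logged value replayed later
    nxt = server.login(chain(secret, seed, server.challenge()))
    return {"first": first, "replay": replay, "next": nxt}


if __name__ == "__main__":
    print(demo())
```

A value that is captured before the server has accepted it would still verify, which is the man-in-the-middle limit the reply mentions.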
