Re: Backup encryption key

2009-04-25 Thread Dotan Cohen
 Easy,
 1. connect the USB
 2. Run the TrueCrypt (http://www.truecrypt.org/)

This is the problematic step. If you came to my computer with your USB
key and asked to install a program so that you could use your key, I
would not let you. Nor could you use it at a public facility such as a
library.



 3. Mount the un-partitioned disk (on the USB) drive.  I will be asked
 for the password in the mounting process.
 [10 seconds, so far]

 Unless the station has something that will copy the disk, while
 connected; the password by itself wouldn't help anybody (it's a local
 disk, not a web application accessed by anybody with my password).

 That said, but since I always worry about key logger and such, I very
 much try to avoid using it from a PC/station I do not trust (I know
 how easy key-loggers are to deploy ;)


Really? Should I be worried? For that matter, do you have the address
of some keylogging software that I could play with in a virtual
Windows machine? I have googled just now, but I cannot find anything
that doesn't cost money. I will be responsible with it, I promise, but
in any case you might want to send a link or info off-list just in
case. Thanks.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: Backup encryption key

2009-04-25 Thread Shahar Tamir
On Saturday 25 April 2009, 13:11, Dotan Cohen wrote:

 Really? Should I be worried? For that matter, do you have the address
 of some keylogging software that I could play with in a virtual
 Windows machine? I have googled just now, but I cannot find anything
 that doesn't cost money. I will be responsible with it, I promise, but
 in any case you might want to send a link or info off-list just in
 case. Thanks.


Try this:
http://amecisco.com/iks2000.htm
It's a limited demo version, but enough to give you an idea.

Shahar



Re: Backup encryption key

2009-04-25 Thread Dotan Cohen
 Try this:
 http://amecisco.com/iks2000.htm
 It's a limited demo version, but enough to give you an idea.


Thanks, Shahar. It seems that this is something that the computer
admin must install, not a portable app or something similar. So, so
long as I trust the admin (for instance, at the Technion's libraries)
I should be safe so long as I reboot before using the computer and
performing sensitive operations.

In other words, some malicious student could not get my logins by
exploiting the library computers that I do use. I would only be at
risk using internet cafes and such, where I do not trust the admins.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: Backup encryption key

2009-04-25 Thread Shachar Shemesh

Dotan Cohen wrote:

  Try this:
  http://amecisco.com/iks2000.htm
  It's a limited demo version, but enough to give you an idea.

 Thanks, Shahar. It seems that this is something that the computer
 admin must install, not a portable app or something similar. So, so
 long as I trust the admin (for instance, at the Technion's libraries)
 I should be safe so long as I reboot before using the computer and
 performing sensitive operations.

 In other words, some malicious student could not get my logins by
 exploiting the library computers that I do use. I would only be at
 risk using internet cafes and such, where I do not trust the admins.

I can write a Windows key logger in about half an hour, and I don't 
think you would need admin in order to run it (making it run in other 
people's session is another matter).


Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com



Re: Backup encryption key

2009-04-25 Thread Dotan Cohen
 I can write a Windows key logger in about half an hour, and I don't think
 you would need admin in order to run it (making it run in other people's
 session is another matter).


I see. Coming from the Linux world, I just figured that if it was
doable then someone had already made such a tool available. I suppose
that Rule #36 is not valid in the Windows ecosystem, where users are
expected to pay for everything.

Thanks for the info.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il



Re: Backup encryption key

2009-04-25 Thread Dotan Cohen
 This one runs in kernel space and plants itself beneath the keyboard
 driver, so it can capture everything and is almost undetectable.

And Windows will run that as a portable app, i.e., no installation
required? A malicious entity can just run that on any public computer
and collect info?

 There are numerous hardware keyloggers that require only somewhere
 to hide behind the pc.


Actually, I am aware of those. For some reason, I do not feel worried
about that, but I will start checking for good measure!

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
