change keyboard layout via script against keyloggers + one time passwords

Asked by cougarten

Keyboard Layout:
By accident I had another keyboard layout on the login screen once, and I liked that no one could use sudo on my computer just by looking at how I type in my (much too short) password.
Making the layout switchable (somehow hidden from foreign eyes and/or hardware loggers) would increase the security very much.
You can hide the switch somehow by making a script run along with an unsuspicious action (a starter for an application or some keyboard shortcut).

OTPs:
Could one-time passwords somehow be used to protect encrypted stuff? (http://www.cl.cam.ac.uk/~mgk25/otpw.html is a login thing, but the thoughts behind it may be worth a look.)

Question information

Language: English
Status: Solved
For: Ubuntu Privacy Remix
Assignee: No assignee
Solved by: Mark Preetorius

Best Mark Preetorius (p-launchpad-privacy-cd-org) said :
#1

Thank you for your suggestions.

Keyboard Layout:
You can switch the layout easily by yourself (System - Settings - Keyboard). But I don't think that this will improve your password security very much, *especially not against keyloggers or a person watching you while you enter your password*. If an attacker knows which keys to hit, it is very easy to test them with the different keyboard layouts. Within the data captured by a keylogger, the passphrase itself will stand out rather clearly from the rest of the captured keyboard input either way, because it is neither a human-readable sentence nor a command sequence with Ctrl or Alt pressed.

You could increase the intricacy of brute-force attacks by using e.g. a Russian keyboard layout for entering your TrueCrypt or GnuPG password, because this increases the character repertoire the attacker has to try. But based on the fact that a brute-force attack on a password with a length of 20 characters and a character repertoire of 70 (letters, numerals and additional characters) will take many millions of years even with very powerful and specialized hardware, this does not seem to be necessary.

Bad passwords are vulnerable to dictionary attacks. Against those, switching the keyboard layout may be a small improvement, because the attacker has to run the same attack with e.g. 80 different keyboard layouts. But for professional attackers with powerful hardware this should not be a serious problem.

If your password is much too short, I would suggest using a longer one (min. 20 characters). The length and complexity of the password is the best and most important protection for your encrypted data.

OTPs:
In UPR, passwords are mainly used for TrueCrypt volumes and GnuPG keys. It is not possible to use one-time passwords with these programs, and it would not make much sense. If you want protection against keyloggers, I recommend using keyfiles or security tokens, which is possible with UPR/TrueCrypt.
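
Added example (not part of the original answer): the figures from reply #1 (20 characters, a repertoire of 70, 80 keyboard layouts) worked through in Python, comparing what a hidden layout buys against what one more password character buys. The guess rates and the dictionary size are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time, in years, to try every candidate password."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def layout_bonus_bits(n_layouts: int) -> float:
    """Extra work, in bits, when the attack must be repeated once per layout."""
    return math.log2(n_layouts)


def equivalent_extra_chars(n_layouts: int, alphabet_size: int) -> float:
    """Number of extra random characters giving the same gain as a hidden layout."""
    return layout_bonus_bits(n_layouts) / math.log2(alphabet_size)


def dictionary_attack_seconds(words: int, n_layouts: int,
                              guesses_per_second: float) -> float:
    """Time to run a whole dictionary once under every candidate layout."""
    return words * n_layouts / guesses_per_second


if __name__ == "__main__":
    bits = keyspace_bits(70, 20)          # figures from reply #1
    rate = 1e12                           # assumed offline guess rate
    print(f"70^20 keyspace: {bits:.1f} bits, "
          f"{years_to_exhaust(bits, rate):.2e} years at {rate:.0e} guesses/s")
    print(f"80 layouts add {layout_bonus_bits(80):.2f} bits, i.e. "
          f"{equivalent_extra_chars(80, 70):.2f} extra characters")
    # Assumed: 10^8-word dictionary, 10^9 guesses/s against a weak password.
    print(f"dictionary x 80 layouts: "
          f"{dictionary_attack_seconds(10**8, 80, 1e9):.0f} s")
```

Under these assumptions, hiding the layout among 80 candidates is worth about as much as one additional random character, while a dictionary password still falls in seconds.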

cougarten (5p4m0r) said :
#2

Thank you for the long answer.

I think the Keyboard Layout does not have to be an existing one and a shuffled xmodmap should be easy to script, but I guess you are right and this might be just as secure as a key file.

Not for real security but as a proof of concept: could one let the framerate of the monitor oscillate a bit? (against the electromagnetic whatever attack to lurk on your screen).

Greetings,
Q

cougarten (5p4m0r) said :
#3

Thanks Mark Preetorius, that solved my question.