On 21/09/2007, Nate Duehr <[EMAIL PROTECTED]> wrote: > > On Sep 20, 2007, at 11:51 AM, Chris Purves wrote: > > > On 20/09/2007, Gabriel Parrondo <[EMAIL PROTECTED]> wrote: > >> El jue, 20-09-2007 a las 10:23 -0600, Chris Purves escribió: > >>> > >>> Is it possible to encrypt my wireless keyboard communication? I > >>> have > >>> a Logitech EX110. The included Windows software has this > >>> feature, but > >>> of course no linux drivers. > >> > >> Rare... how is it connected? Usually this kind of devices are > >> hardware-only and transparently work as a standard device for the OS. > > > > The Logitech webpage is > > http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/ > > devices/154&cl=ca,en# > > > > The normal operation does work transparently. There is a receiver > > that plugs into the ps/2 ports. Establishing initial connection is > > through connect buttons on the receiver and keyboard and mouse. > > > > I ran the included SetPoint software in Windows and it had an option > > for enabling encryption between the keyboard and receiver. Perhaps, > > once it is enabled, it will continue to be encrypted when I boot into > > Debian. I don't know if the software turns on a switch in the > > hardware, or if it runs some driver that must be running in order to > > get encryption. > > I've also seen this "enable encryption" option on my wireless > keyboard at home. > > I think the more important question for the original poster is really > -- how far away do you think your keyboard can be reliably received > (just walk away from the computer and see where you can go... type > things into a text editor like, "Now I'm on the stairs", "Now I'm in > the kitchen", "Now I'm on the back porch", and then walk back and see > what's on the screen.
Yes, that was a good suggestion. The limit seems to be about 8 feet in open air (with new batteries), so going through a wall would likely kill the signal. > Then do a sane risk-analysis. If I can only reliably use it at X > distance, how often will someone I don't trust be able to put a > receiver capable of both receiving the data in whatever format it's > in? (Keeping in mind that the protocol used for the keyboard usually > not well-documented, so it'd take some skill and knowledge to > intercept it, or you'd have to disassemble a similar RF unit and > reverse engineer a way to make it into a data-logger.) A good > exercise might be in TRYING to intercept your own keystrokes, and > seeing how difficult it is for YOU to do it. If it's a pain in the > ass for you, then evaluate whether or not you're doing something so > bad or have such a need for privacy that you can name anyone or any > organization that would go to that effort to read your typing. > > If you can think of someone/something who'd want that data bad enough > to get close enough, and do the work of figuring out how to capture > it -- wireless keyboards probably weren't a good idea for you in the > first place. That's not my situation. Considering the short range of the keyboard and the difficulty involved in intercepting, the risk is very small. > Security is as much about realistic risk-analysis as it is about > "encryption for encryption's sake". I'm not saying you shouldn't TRY > to encrypt your keyboard traffic if the keyboard has the feature -- > but at some point there's a steep diminshing return on "security". > > Another thing to look at... are there easier ways you'd leak whatever > it is that you're typing on your keyboard that someone smart would go > after before trying to snoop your keyboard? Could it be gathered any > other electronic/technical way? Could you fall for a social > engineering "hack" easier and GIVE away what you're doing on that > keyboard to someone you "thought you could trust"? I bet there are > ways that would have a much lower opportunity-cost lost to the > attacker than trying to get your keystrokes from your wireless keyboard. > > If you're using a wireless keyboard out in public... that's a > completely different story. Again, wireless may not be the correct > technical solution for you.. :-) > Thanks for your feedback, Nate. -- Take care, eh. Chris
