Re: Security of the keyboard

2007-06-20 Thread Artur Grabowski
> Why not write the keyboard driver the same way how the friend did it > in his OS - using bitmasking and avoiding conditional jumps and > lookup tables? Then the security would be guaranteed and not just > hoped for. Why not write the driver yourself? I don't see the reason to jump and reinvent

Re: Security of the keyboard

2007-06-20 Thread Jason George
>> > And guess what. Keyboards use a serial protocol. Which means that >> > there will be slightly different voltage drops in the system varying >> > with the keys you press. ZOMG! OpenBSD provides a side channel for >> > attackers through the sensors framework! >> >> And don't forget the aps(4) s

Re: Security of the keyboard

2007-06-20 Thread Damien Miller
On Wed, 20 Jun 2007, Mikulas Patocka wrote: > > Yay ! Let's map everything uncached from now on! For great justice! > > > > [I was tempted to write some stuff about how keyboard keycode translation > > works in wscons, but it's not worth my time] > > > > Miod > > You don't have to map keyboard

Re: Security of the keyboard

2007-06-20 Thread bofh
That's ok, you can use my wep enabled wireless keyboard!! On 6/20/07, Marc Balmer <[EMAIL PROTECTED]> wrote: * Bob Beck wrote: > > > And guess what. Keyboards use a serial protocol. Which means that > > > there will be slightly different voltage drops in the system varying > > > with the keys

Re: Security of the keyboard

2007-06-20 Thread Zach Keatts
someone already hacked you and sent that message -- be afraid On 6/20/07, Marc Balmer <[EMAIL PROTECTED]> wrote: > > * Bob Beck wrote: > > > > > And guess what. Keyboards use a serial protocol. Which means that > > > > there will be slightly different voltage drops in the system varying > > > > wi

Re: Security of the keyboard

2007-06-20 Thread Marc Balmer
* Bob Beck wrote: > > > And guess what. Keyboards use a serial protocol. Which means that > > > there will be slightly different voltage drops in the system varying > > > with the keys you press. ZOMG! OpenBSD provides a side channel for > > > attackers through the sensors framework! > > > > And

Re: Security of the keyboard

2007-06-20 Thread Bob Beck
> > And guess what. Keyboards use a serial protocol. Which means that > > there will be slightly different voltage drops in the system varying > > with the keys you press. ZOMG! OpenBSD provides a side channel for > > attackers through the sensors framework! > > And don't forget the aps(4) sensor

Re: Security of the keyboard

2007-06-20 Thread Stephan Andre'
On Wednesday 20 June 2007 12:28:28 Darrin Chandler wrote: > On Wed, Jun 20, 2007 at 06:14:07PM +0200, Karel Kulhavy wrote: > > > And guess what. Keyboards use a serial protocol. Which means that > > > there will be slightly different voltage drops in the system varying > > > > The capacitors and re

Re: Security of the keyboard

2007-06-20 Thread Ted Unangst
On 6/20/07, Karel Kulhavy <[EMAIL PROTECTED]> wrote: This kind of security design is assuming favourable constellation of uncontrollable environmental noises to scramble the information we are knowingly leaking. It's basically a snake oil. We have no proof that under every conceivable circumstanc

Re: Security of the keyboard

2007-06-20 Thread Geoff Steckel
Karel Kulhavy wrote: This kind of security design is assuming favourable constellation of uncontrollable environmental noises to scramble the information we are knowingly leaking. It's basically a snake oil. We have no proof that under every conceivable circumstances the noises will be present

Re: Security of the keyboard

2007-06-20 Thread Darrin Chandler
On Wed, Jun 20, 2007 at 06:14:07PM +0200, Karel Kulhavy wrote: > > And guess what. Keyboards use a serial protocol. Which means that > > there will be slightly different voltage drops in the system varying > > The capacitors and regulator which are made to keep the voltage almost > constant > wit

Re: Security of the keyboard

2007-06-20 Thread Karel Kulhavy
On Wed, Jun 20, 2007 at 04:00:01PM +0200, Artur Grabowski wrote: > Karel Kulhavy <[EMAIL PROTECTED]> writes: > > > On Tue, Jun 19, 2007 at 07:05:38PM -0700, Don Scott wrote: > > > I think Artur Grabowski too easily dismisses the question. > > > > > > I'd be interested to know if you get any infor

Re: Security of the keyboard

2007-06-20 Thread Mikulas Patocka
Yay ! Let's map everything uncached from now on! For great justice! [I was tempted to write some stuff about how keyboard keycode translation works in wscons, but it's not worth my time] Miod You don't have to map keyboard map uncached, just change the way code is written --- instead of x =

Re: Security of the keyboard

2007-06-20 Thread Peter N. M. Hansteen
Artur Grabowski <[EMAIL PROTECTED]> writes: > And don't forget the aps(4) sensor on Thinkpads! The accelerometer can > probably measure the acceleration caused by various key strokes and that > acceleration will be different depending on where on the keyboard you hit > (different angles) and with

Re: Security of the keyboard

2007-06-20 Thread Artur Grabowski
Artur Grabowski <[EMAIL PROTECTED]> writes: > And guess what. Keyboards use a serial protocol. Which means that > there will be slightly different voltage drops in the system varying > with the keys you press. ZOMG! OpenBSD provides a side channel for > attackers through the sensors framework! An

Re: Security of the keyboard

2007-06-20 Thread Artur Grabowski
Karel Kulhavy <[EMAIL PROTECTED]> writes: > On Tue, Jun 19, 2007 at 07:05:38PM -0700, Don Scott wrote: > > I think Artur Grabowski too easily dismisses the question. > > > > I'd be interested to know if you get any informative responses that > > are not also posted to [EMAIL PROTECTED] > > Mikul

Re: Security of the keyboard

2007-06-20 Thread Artur Grabowski
Miod Vallat <[EMAIL PROTECTED]> writes: > Yay ! Let's map everything uncached from now on! For great justice! Yay! Then we can start inlining code again for greater performance! //art

Re: Security of the keyboard

2007-06-20 Thread Miod Vallat
Yay ! Let's map everything uncached from now on! For great justice! [I was tempted to write some stuff about how keyboard keycode translation works in wscons, but it's not worth my time] Miod

Re: Security of the keyboard

2007-06-20 Thread Karel Kulhavy
On Tue, Jun 19, 2007 at 07:05:38PM -0700, Don Scott wrote: > I think Artur Grabowski too easily dismisses the question. > > I'd be interested to know if you get any informative responses that > are not also posted to [EMAIL PROTECTED] Mikulas (the friend) told me the algorithm to hack the root pa

Re: Security of the keyboard

2007-06-19 Thread Artur Grabowski
Karel Kulhavy <[EMAIL PROTECTED]> writes: > A friend who is happening to write his own operating system just pointed out > to me that a keyboard driver cannot use > > - lookup tables, because timing accessing these lookup tables would yield > information what key was pressed when entering a roo

Security of the keyboard

2007-06-19 Thread Karel Kulhavy
A friend who is happening to write his own operating system just pointed out to me that a keyboard driver cannot use - lookup tables, because timing accessing these lookup tables would yield information what key was pressed when entering a root password - tests and jumps, because the same would