**ash the slepy snoozlefluffer** @kity@sleeping.town · Jun 23, 2018, 16:21

**ash the slepy snoozlefluffer** @kity@sleeping.town · Jun 23, 2018, 16:21

ash the slepy snoozlefluffer @kity@sleeping.town

concept: encrypted usb protocol to prevent hardware keyloggers and such

**ash the slepy snoozlefluffer** @kity@sleeping.town · Jun 23, 2018, 16:23

**ash the slepy snoozlefluffer** @kity@sleeping.town · Jun 23, 2018, 16:23

is this good or just a stupid idea

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:28

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:28

@kity how do you know there's someone in the middle, or how do you know you're talking to the pc or keyboard

you have to maintain private keys and certificattes and the whole thing and someday someone will extract it from the OS and a cheap keyboard and make a keylogger with both. maybe you could associate each keyboard with each pc but it becomes cumbersome even for an enterprise.

basically same as for drm, it's a lot of effort and not much security

**elomatreb** @elomatreb@social.elomatreb.eu · Jun 23, 2018, 16:30

**elomatreb** @elomatreb@social.elomatreb.eu · Jun 23, 2018, 16:30

@CobaltVelvet @kity Arguably it would be enough to encrypt the data transfer and allow the host to decide if it wants to allow the device with a prompt, similar to how bluetooth requires permission, no need to involve certificate infrastructure (or even bidirectional trust if we're only concerned with a host protecting itself from the devices)

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:32

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:32

@elomatreb @kity but how do you exchange the key? if there's a device in the middle like a usb keylogger, you have to authenticate both ends, otherwise the device will just encrypt each side and relay the cleartext while logging

**elomatreb** @elomatreb@social.elomatreb.eu · Jun 23, 2018, 16:34

**elomatreb** @elomatreb@social.elomatreb.eu · Jun 23, 2018, 16:34

@CobaltVelvet @kity Per-device key, similar to how many-to-many end-to-end chat encryption works, probably? Would create bus overhead relative to the number of devices that share a channel of course, but arguably that could be a worthwhile tradeoff for security

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:35

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:35

@elomatreb @kity like, settings the key manually when you know there is no keylogger? sure

**elomatreb** @elomatreb@social.elomatreb.eu · Jun 23, 2018, 16:36

**elomatreb** @elomatreb@social.elomatreb.eu · Jun 23, 2018, 16:36

@CobaltVelvet @kity Unless I'm missing something each device would only have to keep a persistent key to authenticate itself by signing an address/the initial key exchange, the actual transport key could be ephemeral

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:40

**virtualice** @CobaltVelvet · Jun 23, 2018, 16:40

@elomatreb @kity yeah the keyboard wouldn't know the pc changed but the user would quickly notice it being disconnected or it would be detected as an unknown keyboard

nice

**virtualice** @CobaltVelvet · 2018-06-23T16:43:36Z

virtualice @CobaltVelvet

@elomatreb @kity but then someone capable of installing a usb keylogger would surely be able to get access to the pin if it's written under it

so it should be generated at some point, copied to the host, and then kept reasonably secret

Jun 23, 2018, 16:43 · Web · 0 · 1