>use on screen keyboards using mouse action or use non-bios routines that
>remap key codes.
>
>If you need this level of security you probably need to look at the whole
>environment and do some serious thinking.
>
>If you use standard keyboards then the scancodes can be intercepted, if >you
>have standard PC's with non-custom OS then almost anything can be sniffed
>out.
>
>(The moot list is in need of any good advice on this, basic discussion
>already covered)
>
It is possible using external HW to get keycodes and random numbers into
a machine and to an application bypassing the entire OS keycode path (
hiding the codes, timing and quantity ) and to generate a simple font
engine to allow an app to display characters without going through the
OS font engine. In this way you could create a slightly secure app ( a
mail client for instance ) on an insecure system like windows. It would
still be easily attacked if it were specifically a target but would
probably be immune to any general purpose loggers in either the keyboard
path ( except on the kyb itself ) or the OS font engine.
If you think the OS font engine can be trusted then you can create an
app that given a handle feeds the keycodes to any standard application.
Obviously your keys and plaintext will be in memory so could be copied
by another thread that knew where to look.
