On Sep 20, 2007, at 11:51 AM, Chris Purves wrote:
On 20/09/2007, Gabriel Parrondo <[EMAIL PROTECTED]> wrote:
El jue, 20-09-2007 a las 10:23 -0600, Chris Purves escribió:
Is it possible to encrypt my wireless keyboard communication? I
have
a Logitech EX110. The included Windows software has this
feature, but
of course no linux drivers.
Rare... how is it connected? Usually this kind of devices are
hardware-only and transparently work as a standard device for the OS.
The Logitech webpage is
http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/
devices/154&cl=ca,en#
The normal operation does work transparently. There is a receiver
that plugs into the ps/2 ports. Establishing initial connection is
through connect buttons on the receiver and keyboard and mouse.
I ran the included SetPoint software in Windows and it had an option
for enabling encryption between the keyboard and receiver. Perhaps,
once it is enabled, it will continue to be encrypted when I boot into
Debian. I don't know if the software turns on a switch in the
hardware, or if it runs some driver that must be running in order to
get encryption.
I've also seen this "enable encryption" option on my wireless
keyboard at home.
I think the more important question for the original poster is really
-- how far away do you think your keyboard can be reliably received
(just walk away from the computer and see where you can go... type
things into a text editor like, "Now I'm on the stairs", "Now I'm in
the kitchen", "Now I'm on the back porch", and then walk back and see
what's on the screen.
I think you'll find that even "good" wireless keyboards won't easily
penetrate more than a single wall of your home, and won't extend very
far past an exterior wall in most setups, if at all. I can't even
put the receiver under the 1 1/2" thick wooden desk on top of the
computer without some glitches -- these devices use VERY low RF
output... at least the ones I own.
Then do a sane risk-analysis. If I can only reliably use it at X
distance, how often will someone I don't trust be able to put a
receiver capable of both receiving the data in whatever format it's
in? (Keeping in mind that the protocol used for the keyboard usually
not well-documented, so it'd take some skill and knowledge to
intercept it, or you'd have to disassemble a similar RF unit and
reverse engineer a way to make it into a data-logger.) A good
exercise might be in TRYING to intercept your own keystrokes, and
seeing how difficult it is for YOU to do it. If it's a pain in the
ass for you, then evaluate whether or not you're doing something so
bad or have such a need for privacy that you can name anyone or any
organization that would go to that effort to read your typing.
If you can think of someone/something who'd want that data bad enough
to get close enough, and do the work of figuring out how to capture
it -- wireless keyboards probably weren't a good idea for you in the
first place.
Security is as much about realistic risk-analysis as it is about
"encryption for encryption's sake". I'm not saying you shouldn't TRY
to encrypt your keyboard traffic if the keyboard has the feature --
but at some point there's a steep diminshing return on "security".
Another thing to look at... are there easier ways you'd leak whatever
it is that you're typing on your keyboard that someone smart would go
after before trying to snoop your keyboard? Could it be gathered any
other electronic/technical way? Could you fall for a social
engineering "hack" easier and GIVE away what you're doing on that
keyboard to someone you "thought you could trust"? I bet there are
ways that would have a much lower opportunity-cost lost to the
attacker than trying to get your keystrokes from your wireless keyboard.
If you're using a wireless keyboard out in public... that's a
completely different story. Again, wireless may not be the correct
technical solution for you.. :-)
--
Nate Duehr
[EMAIL PROTECTED]
