KeystrokeEndToEndCrypto (2016-07-16 10:57:02)

Why end-to-end keytsroke encryption, from simple HW to application?


Proposed architecture


Searching for a better place to host this:


VEMS has


To be defined (to be useful)


Usefulness

Anyone with some knowledge about computer security or USB knows that currently keystrokes are crying out "catch me please" when traveling from keyboard to application (via a deep HW and SW stack), and the user has no option to "tunnel" keystroke data securely to the application

Some will argue that sufficient security can be reached by:

Marcell thinks this is not the case, but this beyond the scope of this page. Those who think so should simply silently go away.

When the next multi-billion dollar theft will be publicly known (probably already happened, but traditional "create money and not inform" banks don't publish) we'll know more about which practice is more secure.

If different methods provide different security:

Should be a reasonable first step, even if more secure (and more costly) method will be possible later for Completely secure key => known application running on custom hardware (perhaps verified etched Si). Hopefully we don't need to solder 6000 gates to sign in a secure way :-)


DIY or closed source ?

Some will implement in