KeystrokeEndToEndCrypto (2016-07-16 17:31:02)

Why end-to-end keytsroke encryption, from simple HW to application?

"End to end cryptography" is well known.

The same protocols and software (eg. multiplexers and demultiplexers) would be useful not just for keystroke data, but virtually any realtime automotive, industrial, environmental, communication, soho or security data (saving millions of kg of copper and providing better redundancy and tapper-free datapath, eg. from microphones or motion detectors).

Honest businesses prefer an honest money supply, and fast, secure


Proposed architecture


Searching for a better place to host this:


VEMS has


To be defined (to be useful)


Usefulness

Anyone with some knowledge about computer security or USB knows that currently keystrokes are crying out "catch me please" when traveling from keyboard to application (via a deep HW and SW stack), and the user has no option to "tunnel" keystroke data securely to the application

Some will argue that sufficient security can be reached by:

Marcell thinks this is not the case, but this beyond the scope of this page. Those who think so should simply silently go away. For extremely high value [offline wallets] to store and use keys are very reasonable (who would argues that ?). However, for smaller value (or to secure everyday communications) some practical method still needed to handle secret keys.

When the next multi-billion dollar theft will be publicly known (probably already happened, but traditional "create money and not inform" banks don't publish) we'll know more about which practice is more secure.

If different methods provide different security:

Should be a reasonable first step, even if more secure (and more costly) method will be possible later for Completely secure key => known application running on custom hardware (perhaps verified etched Si). Hopefully we don't need to solder 6000 gates to sign in a secure way :-)


DIY or closed source ?

Some will implement in