undefined | Better HN

0 pointscheerlessbog7y ago0 comments

How would you approve the keyboard without using the keyboard?

Anyway since we are assuming physical access, they could just swap out your keyboard for one that works normally until you go for lunch, then starts typing for itself..

0 comments

wmf7y ago

The OS could display a random sequence of keys that you have to press to enable the keyboard. If the evil cable can't see the screen it wouldn't know what keys to transmit.

This is not a serious suggestion since it would be annoying to most people.

DaiPlusPlus7y ago

No more annoying than Bluetooth pairing PINs or iOS's passcode-to-use-USB prompts. If the keyboard has secure stateful memory (e.g. for a client-certificate or client-secret) then the user would only have to enter it once.

DaiPlusPlus7y ago

> How would you approve the keyboard without using the keyboard?

On laptops the built-in mouse and keyboard would be "trusted".

On desktops and servers, I can think of a couple of strategies:

* Always trust keyboards only when plugged into certain USB ports (e.g. ports on the front of the computer highly visible to the computer's operator) * Mutual keyboard/host authentication and encryption.

j / k navigate · click thread line to collapse

0 pointscheerlessbog7y ago0 comments

How would you approve the keyboard without using the keyboard?

Anyway since we are assuming physical access, they could just swap out your keyboard for one that works normally until you go for lunch, then starts typing for itself..

0 comments

wmf7y ago

The OS could display a random sequence of keys that you have to press to enable the keyboard. If the evil cable can't see the screen it wouldn't know what keys to transmit.

This is not a serious suggestion since it would be annoying to most people.

DaiPlusPlus7y ago

> How would you approve the keyboard without using the keyboard?

On laptops the built-in mouse and keyboard would be "trusted".

On desktops and servers, I can think of a couple of strategies:

j / k navigate · click thread line to collapse