Character protection

Discussion in 'Prevx Releases' started by CloneRanger, Sep 30, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Was about to post this in the below thread, but you've just closed it :p

    https://www.wilderssecurity.com/showthread.php?t=283229&page=3

    Really !

    In that case please can you give as full list of those so we can choose others, if we prefer :thumb:
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry about the thread confusion! SafeOnline will protect alphanumeric characters entered on the normal keyboard (0-9, A-Z irrespective of case). Other characters are sometimes protected but it depends on the context and language settings of the PC as many characters have different functions in different languages.

    Hope that helps! :)
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I assume that this is the same issue that I've previously reported where website password protection may not work if the password contains special characters, as most of mine do.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    :eek:

    Well how about English, which characters Don't you protect ?

    Sort of :p
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The only non-protected characters are non-language characters in English (i.e. []\/$#!@)

    Unless your password involves a lot of obfuscated swearing, you shouldn't have a problem :D
     
  7. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    If we shouldn't use special characters with PSO, we'll need to make longer passwords, I guess.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Well, the rest of the password is protected - i.e. if your password is

    secret123/password

    the only thing that some keyloggers may be able to see is:

    /

    (and most websites wouldn't even accept that as a password anyway because of character restrictions)
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Only :D That's quite a few, on my keyboard anyway :D

    Is there a "Good" reason why you can't include everything, and/or is it a secret ?

    Really ! i've never been so insulted for days :p
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Non-alphanumeric characters are frequently used as "control" characters within the keyboard or as partial keystrokes in different languages. It opens up a massive area for incompatibilities by trying to protect every key without really providing much added value at all.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Hi Joe,

    I agree that protection of alphanumeric input is what really matters from a key logging perspective. However, this still leaves an issue with SafeOnline's password protection. As you are aware, if a protected password contains non-alphanumeric characters, the protection doesn't work and the password can be entered into any website without SafeOnline alerting.

    Given the difficulties of protecting non-alphanumeric characters due to the reasons you mention, a possible solution to the password protection issue might be to ignore any embedded non-alphanumeric characters when encrypting passwords, both when the value is initially stored and during the matching process whenever it is entered into a website. Whilst it would constitute partial matching rather than full matching, it should provide an effective solution and would certainly be an improvement on the current situation.

    Regards
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is certainly a valid approach for the credential protection :thumb: I'll see what we can do in terms of adding this into the current 3.0 SafeOnline but if we are unable to work around the character protection in 4.0, I definitely see this as being the way around it.
     
Thread Status:
Not open for further replies.