Keypass Firefox Autofill + Keyscrambler?

Discussion in 'privacy problems' started by aklies14, Jul 25, 2012.

Thread Status:
Not open for further replies.
  1. aklies14

    aklies14 Registered Member

    Joined:
    Jun 22, 2012
    Posts:
    29
    Location:
    America
    Keepass Firefox Autofill + Keyscrambler?

    I am using keyscrambler premium for a long time now and it really does its job to defeat key-loggers by encrypting keys.Now I started using Keepass autofill option(ctrl+alt+A) to fill my username and password in firefox.when I press keys on keyboard manually then keyscrambler encrypts them and keylogger will read only these random encrypted keys but when I use keepass autofill optiuon then kepass will simulate these keys without me having to enter them manually.

    so Questions:
    1. can ANY key-logger grab these simulated keys.
    2. if yes then will it grab the actual keys or random keyscrambled keys.because if it can grab the actual keys then it defeats the purpose of keyscrambler and make things more unsafe than before.
     
    Last edited: Jul 25, 2012
  2. discs

    discs Registered Member

    Joined:
    May 17, 2011
    Posts:
    41
    Location:
    UK
    Hi,

    I believe, yes, any keylogger can grab the autotyped (autofilled) characters of Keepass - BUT nevertheless keepass provides an alternative which prevents this.

    Have you looked at Keepass's Two-Channel Auto-Type Obfuscation http://keepass.info/help/v2/autotype_obfuscation.html.

    Perhaps you would like to have a look at the use of Auto-Type Obfuscation in Keepass, because it may solve your problem.

    With best wishes, discs.
     
    Last edited: Jul 30, 2012
  3. aklies14

    aklies14 Registered Member

    Joined:
    Jun 22, 2012
    Posts:
    29
    Location:
    America
    ^Thanks

    but would keyscrambler still encrypt these autotyped characters input by keepass into firefox as it would do in case I enter user/pass manually through keyboard.Because if keyscrambler doesnt come in picture and doesnt encrypt these autotyped simulated keystrokes from keepass then I think I am more safe with just keyscrambler and manual user/pass typing.Right?

    I know I can myself install a couple of key-loggers and test it out but I have only one system(work system) and I dont want to play around on it with keyloggers.
     
  4. discs

    discs Registered Member

    Joined:
    May 17, 2011
    Posts:
    41
    Location:
    UK
    Hi again,

    I cannot answer your question about what Keyscrambler does with auto-typed characters (perhaps someone else will come along to answer your question on that).

    But as I said before: if you use Keepass's Two-Channel Auto-Type Obfuscation http://keepass.info/help/v2/autotype_obfuscation.html then you are protected from keyloggers by Keepass's way of 'obfuscating' the auto-typing.

    Keyscrambler, in this situation, therefore becomes unnecessary!

    In summary: if you want to be protected during auto-typing by Keepass, you need to use its Two-Channel Auto-Type Obfuscation. This has to be explicitly enabled for EACH entry in your Keepass database. When you edit an entry go to the Auto-Type tab - at the bottom of the window you will be able to tick a box (to enable) Two-channel auto-type obfuscation for that database entry.
     
Loading...
Thread Status:
Not open for further replies.