Keystroke encryption/key-scrambling for Linux

Discussion in 'all things UNIX' started by SuperSapien, Nov 16, 2015.

  1. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I've been pondering something for a while now, and that's keystroke encryption on Linux, much like how you can do this on Windows with software like Zemana Antikeylogger. I know malware, spyware and viruses are rare on Linux, but infections can happen. Regardless, I'm curious if this is even possible in Linux? And is there any enterprise software that does this?
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Have you performed a search in your chosen distro's repository?
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    I think you should focus on learning about the problem rather than searching for a solution to something that may not even be a problem.
    Mrk
     
  4. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    How can't it be a problem on Linux?
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    @SuperSapien: this software does not exist for Linux because it is conceptually silly. Encrypted keystrokes have to be decrypted at some point to be useful, and software on a compromised OS cannot be trusted, period.

    @zakazak: statistics, that's how. The desktop userbase is small, and the OS is profoundly simpler to secure. If you want to read about Linux malware, look at servers instead.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Not just statistics, but also technical implementation.
    But my point is, learn about HOW and IF rather than using a tool for MAYBE.
    Mrk
     
  7. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Thanks, but my question was more of a curiosity. And I understand statistically infections are extremely rare for the average Linux home user, especially if you harden your firewall & LSM. But what about Linux servers? Or would that be pointless, and if so, why is such software so popular/common on Windows?
     
  8. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Statistics and "probably aren't going to happen" aren't arguments to me.

    If there is a technical security implementation in the kernel/OS that is supposed to secure you against keyloggers or similar, then that is what I would accept as an argument.
    If not, then the question of the OP is legit and no reason has been named in this thread yet that would make seeking a solution a waste of time.

    After all, it seems like keyloggers on Linux at least exist:
    https://github.com/kernc/logkeys
    http://tipstrickshack.blogspot.com/2013/05/list-of-linux-key-loggers.html
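
Added example, not part of the original post: logkeys, linked above, reads the kernel's `/dev/input/event*` devices and needs root to do so, so a defender can audit which processes hold those devices open by walking `/proc`. The `EXPECTED` allowlist and the function names are assumptions made for this sketch. It does not cover the X11 route discussed later in the thread, where events are read through the X server rather than from the device nodes.

```python
#!/usr/bin/env python3
"""Audit which processes hold /dev/input/eventN open (defensive check)."""
import os
import re

EVENT_DEV = re.compile(r"^/dev/input/event\d+$")
# Assumed allowlist of process names that legitimately read input devices;
# adjust it for your own desktop or server.
EXPECTED = {"Xorg", "systemd-logind", "gnome-shell"}


def input_device_readers(proc_root="/proc"):
    """Map pid -> {"comm": name, "devices": [...]} for each process with an
    open descriptor on an evdev node. Run as root to see all processes."""
    readers = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or permission denied
            continue
        devices = set()
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:  # descriptor closed mid-scan
                continue
            if EVENT_DEV.match(target):
                devices.add(target)
        if not devices:
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            comm = "?"
        readers[int(entry)] = {"comm": comm, "devices": sorted(devices)}
    return readers


def unexpected_readers(readers, allowlist=EXPECTED):
    """Drop allowlisted process names; whatever remains deserves a look."""
    return {pid: info for pid, info in readers.items()
            if info["comm"] not in allowlist}


if __name__ == "__main__":
    for pid, info in sorted(unexpected_readers(input_device_readers()).items()):
        print(pid, info["comm"], " ".join(info["devices"]))
```

A process can rename itself, so the name-based allowlist is only a triage aid; confirm anything important against `/proc/<pid>/exe`.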
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    @zakazak

    Linux is not at all secure against keyloggers, once someone has access to your user account. X11 is pretty bad on the security stuff.

    It is harder to actually compromise in the first place, due to things like the unified update mechanism (package management), and extensive memory protection features on distros like Fedora (and, more recently, Ubuntu).

    The problem here is that "key scrambling" is not magic. The software has a driver that scrambles keystrokes, and a shared library that applications preload which unscrambles them. I'm sure you can see ways of retrieving the original keystrokes, with a setup like that. The problem may be real, but the solution is not.
     
  10. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Thanks, but I think Gullible Jones has a point. While I'm still pretty much a Linux noob, I know key-scrambling software isn't bulletproof and there are ways around it. But as more Linux servers come under attack, is there a growing need for this?
    And a little off topic here, but what are the odds of drive-by download spyware infecting your system if you're using Firejail?
     
  11. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    You can use Wayland on Fedora 23 Gnome though there are a lot of bugs still afaik. In 6 months Wayland is expected to be default on Fedora 24.
     
  12. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    There are definitely Linux-based keyloggers. Open up a terminal as a normal user. Type in:

    $ xinput list

    Find the ID of your keyboard.

    Then type:

    $ xinput test (id)

    Switch to another window and start typing. There you go.

    This is because X11 is deeply flawed and probably the biggest security hole on Linux right now. Even if two processes are run as different users, X11 makes no distinction. There is no isolation between programs.

    But would a key scrambler work, as you have asked? No, not really. On Windows, a key press goes from the keyboard to the device driver. It's raw input at this point. The system then places it in the system message queue. The data ends up in a specific thread queue ("this keypress is for Firefox"), and is deleted from the message queue. It is sent to the correct window for processing.

    The easiest Win32 keyloggers are usermode keyloggers which use SetWindowsHookEx to capture keystrokes as they leave the message queue. Instead of entering directly into the thread queue, the malware intercepts them and logs them before passing them through to their target. Keyscramblers are very effective at combating this type of keylogger, because they encrypt the keystrokes early and decrypt them when they reach their target.

    It is possible to get keystrokes at the raw input stage, but it's harder and I believe you have to elevate privileges for that.

    So, key scramblers are really unique to the way that Windows handles keyboard input. Honestly, this is one area where MS actually has a sane philosophy. It's not perfect by any means but hey, it's saner than X11. X11 is a total mess and I'm counting the days until Wayland is production-level on Fedora.
     
  13. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    @Fox Mulder Thank you for the clarification!

    Agreed that X11 is a mess.

    ... Mind you, what I've seen of Wayland thus far does not make me a fan. It would be nice if there were an "X12", with a better input subsystem, and the APIs rewritten to make use of const-correctness and such. But the code base is probably too huge. :(
     
  14. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Even with Wayland, there is some vulnerability because Linux doesn't shield one application from another within the same user session. We have some software solutions (like SELinux and AppArmor) that can help in this regard, but it's not even close to eliminating that issue. This is why I'm a big fan of AppGuard on Windows. I wish there was an equivalent for Linux!
     
  15. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
    I have to switch over to Gnome 3 at some point because Cinnamon won't have Wayland for some time afaik.
     
  16. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Haha. Personally, I dislike G3 so much that I'll wait for KDE to come out with it. I hope it comes out for Xfce sooner rather than later, but with the Xfce development cycle being what it is...
     