A program has been developed that allows protection against keyloggers who can beat encryption systems.
Keyloggers who record passphrases as they are entered is seen as the largest weak spot of most encryption sites. Encryption is seen as the solution to IT security, but this assumes though that the password or phrase used to access the encrypted data is itself secure.
PMC Ciphers has developed TurboCrypt which can encrypt keyboard characters on-the-fly, before keylogging or screen capture malware has a chance to record what is being entered. The firm claims that it is so secure that work even if the computer is infested with malicious Trojans.
It works by exploiting two interlocking concepts to render the password or screen capture impossible. The virtual password entry screen for TurboCrypt's encryption function turns out to be a visual grid on which characters and numbers are drawn and deleted several times per second.
The user chooses a character from within the flickering randomised grid, which then changes for the next character until the whole password has been entered.
As the image redraws faster than a capture utility can register the screen the grid changes randomly for every character entered, making relating mouse clicks to the on-screen image of the keyboard impossible.
The creators admit that its flickering nature do make it exhausting to use, but claim that ‘this thing is one of the most decisive inventions in computer security'.
See original article on scmagazineus.com
Encyption protection program launched
By SC Australia Staff on Sep 15, 2008 12:01PM