[Cryptography] Password entry protocols

Léo El Amri leo at superlel.me
Sun Apr 1 19:32:34 EDT 2018


On 01/04/2018 20:09, John Levine wrote:
> I agree that on phones with touch screens it's hard to think of
> what an analogous kernel-only signal would be.

For your information, and as far as I know, the "navigation" bar on
Android (the bar at the bottom with the three buttons "Back", "Home" and
"Overview") can't be hijacked via the API. However, it disappears in
full-screen. We could achieve a "secure" way for the user to call for
kernel action by adding a button for "kernel calling" on this bar. And
for further security, we could prevent applications from reading a touch
event occurring on this bar (if an application doesn't know that the
touchscreen has been pressed, it becomes hard to hijack any password
input form).

Generally, I don't know of any smart-phone without a mechanical
power-on/power-off button. Thus we could use it to prompt the user for a
specific action. As of today, I believe no smart-phone OS permits
user-space applications to receive events from this button.
Obviously, the power button can solve the application full-screen
problem on Android.

