[Cryptography] Password entry protocols

Howard Chu hyc at symas.com
Mon Apr 2 10:55:18 EDT 2018


Léo El Amri wrote:
> On 01/04/2018 20:09, John Levine wrote:
>> I agree that on phones with touch screens it's hard to think of
>> what an analogous kernel-only signal would be.
> 
> For your information, and as far as I know, the "navigation" bar on
> Android (The bar at the bottom with the three buttons "Back" "Home" and
> Overview") can't be hijacked via the API. However, it disappears in
> full-screen. We could achieve a "secure" way for the user to call for
> kernel action by adding a button for "kernel calling" on this bar. And
> for further security, we could prevent applications from reading a touch
> event occurring on this bar (If an application doesn't know that the
> touchscreen has been pressed, it becomes hard to hijack any password
> input form).
> 
> Generally, I don't know of any smart-phone without a mechanical
> power-on/power-off button. Thus we could use it to prompt the user for a
> specific action. As of today, I believe no smart-phone OS permits
> user-space applications to receive events from this button.
> Obviously, the power button can solve the application full-screen
> problem on Android.

Not true, the power button is just another soft event, and the Power menu on 
Android (which pops up when pressing the power button) is fully customizable.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

