It wouldn't have to do it in real time, right? It could easily batch typing sessions and have the server chew through them asynchronously.



So then you're sending every keystroke people make to a central server?

Even assuming that the connection is secure (never a good assumption), that still means that there is a single point of failure. And one with drastic consequences.


But doesn't any service that you authenticate against assume the channel is secure? Presumably this would use SSL.

I do agree about the single point of attack though. Perhaps you could do an asynchronous substring check locally when the CPU is idle.


But then anyone who can gain access to the computer once can then perform an offline attack on the password at their leisure.


True, but anyone that can gain privileged access to the computer is already king of the castle. Why attack it offline when you can just keylog it? I think it goes back to being one part of an overall security posture. Encrypt your workstations and people can't just pick them up and own them.



