[openssl-users] Lattice Ciphers

Colony.three colony.three at protonmail.ch
Mon Dec 18 21:28:10 UTC 2017


> For your information, I actually tracked down the original report
> about this (and posted some corrections in a comment to the
> researcher):
> - This was not HP's keyboard driver.  This was Synaptics' touch
>   pad driver (SynTP.sys).

Never said it is HP's driver.  But understand, that it only went in to HP machines.

As far as we know.  That, I have said.

> - The code in question was apparently the common classic issue
>   that the driver checks if a hotkey related to the touchpad is
>   pressed, and has a test feature to help each laptop manufacturer
>   check if they configured the correct (laptop-specific) scan code
>   for that hotkey by using a special test driver that logs the keys
>   that match/don't match the configured one.  On a number of
>   occasions HP (and maybe others) have sent such test drivers to end
>   users instead of the drivers without the debug feature.

A keylogger is not useful in this case, particularly as timing is an acute issue.  At the most basic, when they want what you portray, a utility like evtest.

> - In this case, no keys were logged unless someone (or something)
>   with admin rights on the laptop did extra steps to turn on the
>   feature and to read back the results.  Any malicious code with
>   those rights could just install its own logging without depending
>   on that particular wrong driver being installed,
> -  So to me, that particular issue falls into the less serious tier of:
> Possible misuse if other things go wrong first, upgrade when ready as
> a defense in depth.
> -  Jakob

Correct, it is not turned on by default.  Never said otherwise.  But it can be manually.

So far I've raised three independent issues in this thread, and have been fought on all three.  I am bored now with trying to raise awareness, so let's just all agree that nobody wants to hear it.  You do your thing and I'll do mine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171218/f3de7bac/attachment.html>

More information about the openssl-users mailing list