IOTA wallet - how to make keyloggers useless with TCATO
If you are interested to know more about
Two-Channel Auto-Type Obfuscation in KeePass.
In theory, this system gives a hard time to keyloggers because is intelligently splitting the seed
in the login window.
I've made this video to show how it works for me.
The video shows how the seed is created with Keypass but there are also other ways out there.
I don't need to say, use this information at your own risk and test it on a test wallet only :).
Do your own research and if you get interesting information, please share it!
What is Two-Channel Auto-Type Obfuscation?
The Auto-Type feature of KeePass is very powerful: it sends simulated keypresses to other applications. This works with all Windows applications and for the target applications, it's not possible to distinguish between real keypresses and the ones simulated by Auto-Type. This at the same time is the main disadvantage of Auto-Type, because keyloggers can eavesdrop the simulated keys. That's where Two-Channel Auto-Type Obfuscation (TCATO) comes into play.
TCATO makes standard keyloggers useless. It uses the Windows clipboard to transfer parts of the auto-typed text into the target application. Keyloggers can see the Ctrl+V presses, but do not log the actual contents pasted from the clipboard.
Clipboard spies don't work either because only parts of the sensitive information are transferred in this way.
Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes in logging obfuscated auto-type.