undefined | Better HN

0 pointsharadion1y ago0 comments

OpenSSL does provide a callback mechanism to allow for key logging, but the application does have to opt in. IIRC, at least Curl does support it by default.

0 comments

tsimionescu1y ago

Yes, there are ways to do keylogging with OpenSSL. Even if the app doesn't support it, you can do it with LD_PRELOAD and external libraries that call those callbacks. But it's still a whole lot more work than just an env var, and then just not having all these problems in the first place, by avoiding unnecessary encryption. And it probably won't work on mobile.

j / k navigate · click thread line to collapse

0 pointsharadion1y ago0 comments

OpenSSL does provide a callback mechanism to allow for key logging, but the application does have to opt in. IIRC, at least Curl does support it by default.

0 comments

tsimionescu1y ago

j / k navigate · click thread line to collapse