On Tue, Dec 27, 2016 at 12:32:01AM +0000, john.david.r.smith wrote:
> 
> > I agree that filtering the trusted sound is very fragile, especially if you 
> > don't want to add latency. I'd say there is virtually no way.
> 
> this problem maybe could be solved without filtering:
>  * on setup the user chooses a notification sound (maybe one for each color)
>  * the sounds should be randomly generated (here i don't know how easy it is
> to generate easily distinguishable randomized notification sounds)
>  * since most users will use the default selection, it should be randomized.
>  * every time the focus changes, the notification sound is played (if
> different sounds are chosen for each color, the user even knows the color of
> the active dom)
>  * if the user presses a key-combination (intercepted by dom0), the sound is
> played again (maybe followed by some tts component saying the vmname).
> 
> since the attacker can't know the sound (if it is possible to create
> such random sounds well enough), it can't be faked (except brute force is
> used, which could be detected by the user).
> 
> the user maybe could choose a sequence of sounds.
> 
> as already posted, all other sounds should be muted when the notification
> sound is played.
> 
> maybe the best way would be to get the user to configure the confirmation
> sound by recording some custom sound with a microphone.
> this would be much harder to fake than random sounds.
> especially if the user records her/himself saying the vmname (and i guess
> this would be the most secure way).

I'd not depend on VM-not-knowing-the-sound. While it could be achieved
initially, I think it will eventually leak into the VM. For example when
the user assigns a microphone to a VM. But the idea of a key intercepted by
dom0 to play VM name (and/or some per-VM or per-label sound) is good. Of
course all VMs should be muted for this time.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
