Keyboard Sound Aids Password Cracking
stinerman writes "Three students at UC Berkeley used a 10-minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"
Keyboard specific? (Score:5, Insightful)
applicability? (Score:5, Insightful)
75 attempts? (Score:5, Insightful)
All the systems where I work will lock you out after 5 bad attempts. What kind of password system lets you try 75 (or even 20) times?
As the article says: (Score:5, Insightful)
good idea (Score:2, Insightful)
Then let's say you find out what THE is, then you find another word that is 5 letters that starts with 'THE', then you are going to find out what R is, then what I is (from there and their) and so on and so on. So good for them for just using basic methods.
Re:applicability? (Score:5, Insightful)
How about a parabolic or shotgun mike?
Re:applicability? (Score:2, Insightful)
A camera would have to be given the right viewpoint, would likely be bigger, and the keyboard might move out of the camera's range.
Re:75 attempts? (Score:5, Insightful)
Not to say that the alternatives don't have their weaknesses, but this one certainly does as well.
Re:75 attempts? (Score:2, Insightful)
Of course if the person changes the password every 3 weeks...
Different sounds (Score:2, Insightful)
Re:75 attempts? (Score:2, Insightful)
Re:Keyboard specific? (Score:1, Insightful)
Step 6. (Score:2, Insightful)
Re:Use ASCII numerics, or pound the keyboard at lo (Score:4, Insightful)
1. The keystroke timing would be much different
2. Constantly making errors which require much backspace pressing
Re:Redbox for keyboards now? (Score:3, Insightful)
Extending this to 3 microphones (Score:2, Insightful)
Re:75 attempts? (Score:3, Insightful)
Most of our connectivity is onsite anyway...VPN access is pretty tightly regulated...so for us to be DOS vulnerable, the attacker would have to be inside the building, on the network, and by "on" I mean "plugged into" because my boss thinks "wireless security" is an oxymoron.
It's more maintenance and more of a pain in the butt to work with than a less secure system, but we never have security related problems.
Passwords are obsolete (Score:2, Insightful)