September 19, 2005

The Clickety Clack of the Keyboard

...could, conceivably, get you into trouble.

{...}Sounds from typing on computer keyboards are distinctive enough to be decoded, allowing security breaches caused by "acoustic snooping," University of California, Berkeley researchers said on Wednesday.

The researchers said they were able to feed sound recordings of typing on keyboards into a computer and use an algorithm to recover up to 96 percent of the keyboard characters entered by typists.

"It's a form of acoustical spying that should raise red flags among computer security and privacy experts," said Doug Tygar, a Berkeley professor of computer science and information management.

"If we were able to figure this out, it's likely that people with less honorable intentions can -- or have -- as well," Tygar said.{...}

96% of recovered keystrokes isn't all that impressive, however, when you take into account the odds of recovering the missing four percent. After all, you need a password in its entirety---96% of it isn't going to magically open anything. While I will admit it's easier for a hacker to brute force the remaining keystrokes, you'd still have to know precisely what you were doing to get anything.

No, I'm not worried about this. I think this is a much more dazzling weakness as far as computer security is concerned.

{HT: Jonathan}

Posted by Kathy at September 19, 2005 10:12 AM
Comments

It only works if you touch type, which I do not.

Posted by: caltechgirl at September 19, 2005 11:31 AM

Yes, but also keep in mind what many people use for their passwords.

It certainly isn't "fhdi275ds", rather something along the lines of "Snickers", where snickers is their cat.

Given that, 96% is PLENTY to guess that password.

Especially since most people can read words perfectly even if several letters are missing or in the wrong order.

Posted by: Kevin at September 19, 2005 11:22 PM

Was doing a home network install that had specific requirements so that one of the residents could VPN to the office of a rather high-tech medical device company. You might say they were picky about the set-up.

There were requirements for the SSID (the name of the wireless access point) that were more stringent than most password requirements I've seen. At least 8 characters, must include at least 2 non-consecutive numbers and at least one 'special' character (like & or @).

Don't even get me started on the 32 character WPA key...

Posted by: MRN aka "The Husband" at September 20, 2005 09:52 PM