Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keyboard Sound Aids Password Cracking

Posted by CmdrTaco on from the but-i-love-clicky-keyboards dept.

stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"

35 of 389 comments (clear)

  1. My Luggage by Valiss · · Score: 4, Funny

    '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'

    Looks like you're screwed because my luggage password is 5 digits long, but all digits are numbers in a sequential order starting with one. Ha ha!

    --

    -Valiss
    1. Re:My Luggage by loimprevisto · · Score: 4, Funny

      What? 1,2,3,4,5? Only an moron would use that combination for their luggage!

      --
      Much Madness is divinest Sense --
      To a discerning Eye --
      Much Sense -- the starkest Madness
    2. Re:My Luggage by Rick.C · · Score: 4, Funny
      What? 1,2,3,4,5? Only an moron would use that combination for their luggage!

      Shhhh! That's not the combination he set - that's the TSA's "back-door" combo.

      --
      You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
      "Math in a song is good."-Linford
  2. Another old fashioned way to get passwords w audio by xxxJonBoyxxx · · Score: 3, Funny

    Another old fashioned way to get passwords w audio: Just tap the "help desk" phone line.

  3. It's a good thing... by Nuclear+Elephant · · Score: 5, Funny

    ... that my voice is my passport.

  4. Hunt and peck for safety? by Alcimedes · · Score: 2, Funny

    Go figure, typing properly now means you get your password cracked.

    Guess that's all the more reason to keep that Cheetos bag crinkling as you type. Gotta stop the commies!

  5. WARNING by JamesD_UK · · Score: 5, Funny

    Security experts recommend you don't speak the name of the key you're hunting for as you type your password with a single finger.

  6. Great... by crc32 · · Score: 5, Funny

    Now I'll need tinfoil wallpaper too, time to go to Cosco...

    --
    "In order to make an apple pie from scratch, you must first create the universe." -- Carl Sagan, Cosmos
    1. Re:Great... by rtaylor · · Score: 4, Funny

      Now I'll need tinfoil wallpaper too, time to go to Cosco...

      Tinfoil was eliminated by the government and replaced with aluminum foil. Your wallpaper and hats only make you believe you're safe.

      --
      Rod Taylor
    2. Re:Great... by OzPeter · · Score: 4, Funny

      If you knew your world history you would know that it was an early 20th century right wing plot to get the US to use aluminum instead of the aluminium that the rest of the world uses.

      You see while aluminum looks and feels a lot like aluminium, it is actually a differant material, so much so that it cannot be used as a tinfoil hat replacement.

      Thus by duping the US citizens into believing that aluminum was just as good as aluminium (and more patriotic for the country), the government easily gained the capability of reading all of your thoughts, even when you thought they couldn't [*]

      As of now, the rest of English speaking world sits smuggly by wearing our aluminium foil hats, safe in the knowledge that our thoughts are secure.

      [*] Unfortunatley there was a side effect to being able to read the thoughts of everyone in the US. The summaries of such thoughts are used to brief the president in order to help him direct policy. But starting with the Shiny Shiny movements of the mid 80's suceeding presidents have slowly become paralysed by the thoughts of the mass population. This has come to a head with GWB being briefed hourly about how the population feels about JLo and Bennifer, while other, more important items are ignored.

      The only possible solution to this is to disband the remote thought readings, but when confronted with leftist radical ideas like this, the CIA/Industro-Military Complex reacts violently and labels such ideas as being the work of terrorists. (It should be noted that these people are known to have holdings of aluminium manufacturers in other countries, thus securing their *private* supply of aluminium foil hats).

      --
      I am Slashdot. Are you Slashdot as well?
  7. thts why im s0 l33t. by JVert · · Score: 1, Funny

    H0miez hav mic's all 0ver i know. So I do wh4t is ne3ded to k3ep my info s4fe.

  8. Easy Fix by jatemack · · Score: 2, Funny

    Just make a clicking noise with your tongue and the roof of your mouth as you type. It sounds almost identical, and you'll automatically sync the sound up with each keystroke.

    Try it.

    --
    // no
  9. Re:applicability? by rot26 · · Score: 2, Funny

    Good idea. They sell those at the same movie prop houses that carry 57-shot revolvers, self-igniting gasoline, and phones with "AT&T" written on every surface.

    --



    To ensure perfect aim, shoot first and call whatever you hit the target
  10. Crap! I use a Model M! by allanc · · Score: 2, Funny

    With these clicky buckling springs, they'll be able to sniff my password from miles away!

  11. Agent x86 by Molina+the+Bofh · · Score: 4, Funny

    Be careful, chief. Lets type in the cone of silence.

    --

    -
    Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
  12. Now it's time to say goodbye, to all our company.. by Anonymous Coward · · Score: 2, Funny

    This reminds me of a sysop I once worked with. Every time he logged in you could clearly identify the rhythm of M-I-C-K-E-Y M-O-U-S-E. Sometimes he was even stupid enough to hum the tune as he typed it. And this idiot was one of the senior IT guys at a major oil company.

  13. Re:Redbox for keyboards now? by o7400 · · Score: 5, Funny

    That's it. From now on, whenever I'm typing a password I'm going to scream at the top of my lungs. How about that stopid password stealers!?

  14. A little known fact by Klowner · · Score: 2, Funny

    It's also incredibly helpful when they mumble their password as they type it.

  15. Re:Redbox for keyboards now? by TripMaster+Monkey · · Score: 5, Funny


    Spyware attempting to hash out your keystrokes by listening to the keypresses instead of grabbing the strokes directly is a bit like a person trying to enjoy music by watching the equalizer lights flicker instead of using the speakers.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  16. Re:Berkley != Berkeley by Anonymous Coward · · Score: 1, Funny

    It is actually a typo [...] not caught by Taco.

    I'm amazed. No, stunned. No.. umm, what's the opposite of "amazed" again? :o)

  17. Re:Redbox for keyboards now? by Daniel_Staal · · Score: 2, Funny
    ...like a person trying to enjoy music by watching the equalizer lights flicker instead of using the speakers.

    Hey, I've done that! It's a great exercize for increasing the pattern-matching ablities of your brain! You have no idea how good it feels when you finally 'hear' the music just by watching the lights...

    (Well, at least I think so.)

    --
    'Sensible' is a curse word.
  18. I just deduced a password from this article by digitaldc · · Score: 2, Funny

    it is 'password' It works about 25% of the time.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  19. Re:...and it corrects typos! by vertinox · · Score: 2, Funny

    What is the USPS doing with this type of research?

    To find methods to read your unopened mail by listening to it.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  20. Re:Redbox for keyboards now? by TheViciousOverWind · · Score: 3, Funny

    You have no idea how good it feels when you finally 'hear' the music just by watching the lights...

    Why don't you volunteer for a charity? It sounds like you have enough time on your hands to save the world singlehandedly.

    --
    My <1000 UID is with a hot chick
  21. Re:Keyboard specific? by Anonymous Coward · · Score: 1, Funny

    Learn logic.

  22. Re:A quick idea that just popped into my noggin: by Anonymous Coward · · Score: 1, Funny

    Maybe while we're waiting around for the target to log into his computer, touch none of the other keys, and immediately leave, we can get to work on a teleporter to remotely swap out his keyboard before he comes back. Oh, and bonus! We can beam his original keyboard right into the fingerprint oil age analysis machine (with millisecond accuracy so that we can truly "backtrack" his password) that we'll also invent.

  23. Re:Redbox for keyboards now? by avronius · · Score: 3, Funny

    Some potential titles for the afore mentioned 80's movie:
    "Remix Of The Killer Tomatoes"
    "Return Of The Password Snatchers"
    "They Listened from Within"
    "Buffy The Keystroke Logger" (not quite on-topic)
    "I Know What You Typed Last Summer"
    "Eavesdropper"
    "The Computers Have Ears"

    The unrelated horror film we're most likely to see?
    "The Blog" - with Steve McQueen re-animated to reprise his role as "Steve Andrews"
    Genre: Horror / Sci-Fi / Comedy
    Tagline: Indescribable... Indestructible! Nothing Can Stop It!
    Plot Outline: An inane personal web log consumes all bandwidth in its path as it grows and grows.

  24. Re:Redbox for keyboards now? by Daniel_Staal · · Score: 4, Funny
    Why don't you volunteer for a charity? It sounds like you have enough time on your hands to save the world singlehandedly.

    I am now out of college.

    --
    'Sensible' is a curse word.
  25. It can't work for me... by cyberbrown · · Score: 2, Funny

    I write /whois and /away much more often than my passwords.
    Yes, I'm IRC addicted...

  26. And now let's check in on the FBI... by halcyon1234 · · Score: 2, Funny
    ... in their "Audio-Based Password Cracking Lab".

    Here we see Agent Small and Agent Geoffries working on a real, live Password Hacking "Evesdrop Machine". If they can just hear enough of the nefarious criminal's activities, the can garner all of his secrets.


    AS: Okay, we're getting something.
    EM: *click click clickity click*
    AG: What was that?
    AS: It sounded like a URL. He must be going to a website. The machine will try to crack the URL.
    EM: *click*
    AG: That was a mouse click, wasn't it?
    AS: Yup, not very helpful.
    EM: *thump thump thump thump*
    AG: What's that?
    AS: It sounds like a hard and regular pounding of something. I can't quite make it out.
    AG: Hey, the machine's got the url. www.ultimatepron....
    EM: *thump thump thumpthumpthump...spalsh*
    AG&AS: Ewwww!

    --
    UTF-8: There and Back Again
  27. Re:applicability? by zizzo · · Score: 2, Funny

    How about a zoom lens?

    The parent poster is right. Photographic techniques are probably easier across the board. But there is no reason you can't use both.

    I'm ok though. I type in my password with mittens in a dark room. I wish they would let me out of here.

  28. Re:Keyboard specific? by aardvarkjoe · · Score: 3, Funny
    I will defeat this by entering my password in Morse code.

    Oh, crap.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  29. Re:Keyboard specific? by Opie812 · · Score: 3, Funny

    on

    --
    I'm not a nerd. Nerds are smart.
  30. Re:Passwords are obsolete by FhnuZoag · · Score: 2, Funny

    Got a bright idea? Maybe we should just glue the user to the computer.

  31. Re:Redbox for keyboards now? by Dirtside · · Score: 2, Funny

    Thank god I've spent the last five years practicing how to make keyboard clicking sounds with my mouth. You'll never get my password!

    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased