Keyboard Sound Aids Password Cracking
stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"
won't most systems lock a user out before 75 attempts?
.. will disallow a login for some certain period of time following three or four incorrect passwords. So while it is of course quite awful that many passwords can be guessed within 75 tries after using this method, it maybe not mean that the user's account will be compromised immediately. Even then, an administrator should be alerted by the time logging in has been disabled two or three times.
Cyric Zndovzny at your service.
1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Prepare Spaceball 1 for immediate departure!
And change the combination on my luggage!
Yeah well my secret combo will be the last sequence you try!! Beat that!