Slashdot Mirror


Keyboard Sound Aids Password Cracking

stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"

6 of 389 comments (clear)

  1. lock out? by Lawrence_Bird · · Score: 0, Redundant

    won't most systems lock a user out before 75 attempts?

  2. Any decent authentication system.. by CyricZ · · Score: -1, Redundant

    .. will disallow a login for some certain period of time following three or four incorrect passwords. So while it is of course quite awful that many passwords can be guessed within 75 tries after using this method, it maybe not mean that the user's account will be compromised immediately. Even then, an administrator should be alerted by the time logging in has been disabled two or three times.

    --
    Cyric Zndovzny at your service.
  3. Re:My Luggage by TheOldSchooler · · Score: 1, Redundant

    1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Prepare Spaceball 1 for immediate departure!

  4. Re:My Luggage by BlakLanner · · Score: 0, Redundant

    And change the combination on my luggage!

  5. Re:My Luggage by Torontoman · · Score: 1, Redundant

    Yeah well my secret combo will be the last sequence you try!! Beat that!

  6. Re:RT*F*A by bracher · · Score: 0, Redundant
    Or, if you're not going to read the article, at the very least read the F*ing blurb on slashdot:

    The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously.