Keyboard Sound Aids Password Cracking

stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"

My Luggage

[Valiss]

'90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'

Looks like you're screwed because my luggage password is 5 digits long, but all digits are numbers in a sequential order starting with one. Ha ha!

Re:My Luggage

[loimprevisto]

What? 1,2,3,4,5? Only an moron would use that combination for their luggage!

Re:My Luggage

[Rick.C]

What? 1,2,3,4,5? Only an moron would use that combination for their luggage!

Shhhh! That's not the combination he set - that's the TSA's "back-door" combo.

Re:My Luggage

[isometrick]

I suspect it is (in reality) much higher than that, given the password/key/combo choosing standards of the general public.

Don't assume that each possibility is equally likely . :)

Re:My Luggage

[c0n0]

Actually, the number of combinations on any numeric system (in any base) is given by:

base ^ no. of digits

For example, on a base 2 system (binary), if you have only one digit you get 2^1 possible combinations, i.e. 2 (0 and 1).
On a decimal system (base 10), if you have 2 digits it'd be 10^2 = 100 (from 00 to 99).

Therefore, 12345 has 5 digits, assuming each one goes from 0 to 9 we can say that the possible number of combinations is 10^5 - 100,000.

On a side note, you quoted just part of his sentence and took it out of context.

He said:

I suspect it is (in reality) much higher than that, given the password/key/combo choosing standards of the general public.

so there's a whole chunk of sentence after the comma that you (conveniently) forgot/ignored.

He was trying to say that not all numbers should have the same weight the same, because eventhough in theory there's equal chance of any combination getting picked by anybody, the reality probably is that most of the time people will go with a popular combination such as 12345, 00000, 11111, etc, so the likelyhood of such numbers being picked is higher

So basically you:

-took something out of context only to attack someone
-just don't 'get math'
-showed a great example on how can 'quite simple' sometimes can be 'quite difficult'.

Redbox for keyboards now?

[otomoton]

Does this mean that instead of keystroke loggers, spyware is now going to monitor our microphone input? This almost sounds like something out of a bad 80's movie.

Re:Redbox for keyboards now?

[o7400]

That's it. From now on, whenever I'm typing a password I'm going to scream at the top of my lungs. How about that stopid password stealers!?

Re:Redbox for keyboards now?

[TripMaster+Monkey]

Spyware attempting to hash out your keystrokes by listening to the keypresses instead of grabbing the strokes directly is a bit like a person trying to enjoy music by watching the equalizer lights flicker instead of using the speakers.

Re:Redbox for keyboards now?

[Enigma_Man]

That's exactly what this article is about though... They can get your keystrokes with 96% accuracy just by listening to them over a period of time.

So, theoretically, yes; malware could listen to microphone input of you typing and work it backwards into key logging. If spyware's already on your system though, it'd be easier just to log the keys in the system. But you could figure out what someone else is typing just by recording it.

-Jesse

Re:Redbox for keyboards now?

[Daniel_Staal]

...like a person trying to enjoy music by watching the equalizer lights flicker instead of using the speakers.

Hey, I've done that! It's a great exercize for increasing the pattern-matching ablities of your brain! You have no idea how good it feels when you finally 'hear' the music just by watching the lights...

(Well, at least I think so.)

Re:Redbox for keyboards now?

[TheViciousOverWind]

You have no idea how good it feels when you finally 'hear' the music just by watching the lights...

Why don't you volunteer for a charity? It sounds like you have enough time on your hands to save the world singlehandedly.

Re:Redbox for keyboards now?

[X0563511]

and then the'll just use a notch filter and take the human vocal range out, leaving plenty of low and high freq sounds to play with.

Re:Redbox for keyboards now?

[cei]

Well, I've heard about a guy who was pretty severely colorblind who could color-correct photos in Photoshop by the numbers and come up with better results than those who didn't share his impairment. It's interesting to me when meta content becomes content in its own right... if the lights of the EQ become just as valid a form of expression as the sounds driving them.

Re:Redbox for keyboards now?

[avronius]

Some potential titles for the afore mentioned 80's movie:
"Remix Of The Killer Tomatoes"
"Return Of The Password Snatchers"
"They Listened from Within"
"Buffy The Keystroke Logger" (not quite on-topic)
"I Know What You Typed Last Summer"
"Eavesdropper"
"The Computers Have Ears"

The unrelated horror film we're most likely to see?
"The Blog" - with Steve McQueen re-animated to reprise his role as "Steve Andrews"
Genre: Horror / Sci-Fi / Comedy
Tagline: Indescribable... Indestructible! Nothing Can Stop It!
Plot Outline: An inane personal web log consumes all bandwidth in its path as it grows and grows.

Re:Redbox for keyboards now?

[Daniel_Staal]

Why don't you volunteer for a charity? It sounds like you have enough time on your hands to save the world singlehandedly.

I am now out of college.

Re:Redbox for keyboards now?

[gi-tux]

When I first saw the headline, I thought that maybe they were doing time analysis on the keystrokes to guess the fingers used and which row on the keyboard. If that were the case, I would just type my password using a couple of fingers and do some very accurate timing (given I used to be a drummer, I can get pretty accurate) an that would throw them off.

However, this is a little harder, I have to hit each and every key so that it makes exactly the same sound. This is extremely difficult because even if I use exactly the same pressure and exactly the same stroke on every key, then the spring might be different, or the switch might be slightly different on a few keys and still give hints.

I think that the best defense is to learn to type at about 1200 words per minutes (100 characters per second) so that the sound is just one constant stream and they would be incapable of breaking it down. Like the German "zip gun" from WWII, the MG-42 which fired around 1200-1300 rounds per minute and sounded like a zipper to the Allied soldiers. The constant short zip sounds also made it difficult to locate the gun when in cover.

Re:Redbox for keyboards now?

[danila]

That would essentially make airborne computer viruses possible!

A virus infects one computer in an office installs spyware, listens to typing in the office, generate a dictionary of likely passwords and then attempts to attack nearby computers (just scan the subnet/workgroup) by using overheard passwords.

Re:Redbox for keyboards now?

[Dirtside]

Thank god I've spent the last five years practicing how to make keyboard clicking sounds with my mouth. You'll never get my password!

Keyboard specific?

[markass530]

I'd have a hard time believing this method transcends all keyboard models, and all typists.

Re:Keyboard specific?

[MankyD]

I'd have a hard time believing this method transcends all keyboard models, and all typists.

It doesn't, but it does work for most keyboards, and that's the catch. Keyboards must be specifically designed to counter it. Thus far, most aren't.

Re:Keyboard specific?

[sTalking_Goat]

Read the article but not the paper. I could see some immediate flaws. For people who learned traditional typing methods and make few mistakes (ie. most heavy computer users) this could work.

For people like me who never learned to type the "correct way" and use a mish-mash of styles and methods, or someone with fat fingers who makes a lot of mistakes, or the typing dyslexic, the system might be flawed. Also I'd imagine a twisted Keyboard would sound very different from a rectangular straight keyboard.

Its not a catch-all system but it would probably work on most people...

Having a recording of short known sequence could probably narrow the error margin a lot though....

Re:Keyboard specific?

[TripMaster+Monkey]

I've seen this objection several times in this discussion, so I think I should respond here.

The audio recording required for deciphering the keystrokes needs to be different for every combination of user and keyboard. There is no way a universal key could be developed; even if the same make and model of keyboard were being used, the amount of wear the keyboard has experenced would contribute to differences in the sound, and this system depends on isolating unique sounds for each keypress. Also, different users have different typing styles...a recording of one user typing will be fairly useless in determining the keystrokes of another user.

Also, the rhythym of typing is entirely beside the point here...again, the point is that each key makes a slightly different, unique sound when pressed. Given the sounds of enough keystrokes, the order in which they were pressed, and a knowledge of the language being typed in, it is easy to determine which sounds correspond to which letters. Think of it as a simple substitution cipher.

Re:Keyboard specific?

[1u3hr]

Just learn Dvorak. Done.

No. They analyse the clicks by comparing them with English letter frequencies. So it doesn't matter what the key is marked as, it's what you're using it for that is recorded.

Re:Keyboard specific?

[aardvarkjoe]

I will defeat this by entering my password in Morse code.

Oh, crap.

Re:Keyboard specific?

[Enigma_Man]

Also I'd imagine a twisted Keyboard would sound very different from a rectangular straight keyboard.

The algorithm in the description doesn't have/need a baseline recording of any particular keyboard, it learns as it goes along, using pattern, and dictionary-style decoding. It just listens for all sorts of different sounding keystrokes, then starts to assume things as it goes along. If you type the same three different sounding characters in a row a whole bunch of times, it's probably the word "the" rather than "zoe". It can use common words and lengths of words to figure it out, even if you're typing on a homemade, metal keyboard that sounds 100% unique from any other board.

-Jesse

Re:Keyboard specific?

[Opie812]

on

applicability?

[MooseTick]

If you can get a mike that close to a keyboard to listen to the keystrokes, then you can probably place a micro camera and get the same results.

Re:applicability?

[TripMaster+Monkey]

How about a parabolic or shotgun mike?

Re:applicability?

[Narcissus]

My laptop has a built-in microphone 'somewhere' near my keyboard. I don't know if this is too close to actually get anything from, though: it alls sounds quite similar to me, when I happen to be talking via VoIP with a friend who refuses to:
a) get a standalone mic; and
b) stop coding while he's talking to me...

Re:applicability?

[someone300]

A tiny wireless microphone can be taped underneath the keyboard.

A camera would have to be given the right viewpoint, would likely be bigger, and the keyboard might move out of the camera's range.

Re:applicability?

[rot26]

Good idea. They sell those at the same movie prop houses that carry 57-shot revolvers, self-igniting gasoline, and phones with "AT&T" written on every surface.

Re:applicability?

[Migraineman]

If I've got access to install spyware on your computer, why would I go through the Rube-Goldbergian process of recording sound, processing, etc? Can't I just sniff the keypresses directly?

Now, using the mic in a laptop to sniff sounds made by *other* computers would be pretty slick.

Re:applicability?

[rot26]

I'm not saying they don't exist, I'm just saying they don't work like you think they work. The ones on the football field probably help mask ambient crowd noise, but they don't do much, if anything, to increase the gain of the target audio. Audio frequencies, especially in the range of the human voice (i.e. relatively low) are HIGHLY non-directional.

Now if you want something that actually WORKS, try a laser microphone or an array of mic's in tubes of varied lengths with each tube resonating at a likely component of the targeted frequency range. (Still not directional, but has a lot of gain.)

Re:applicability?

[zizzo]

How about a zoom lens?

The parent poster is right. Photographic techniques are probably easier across the board. But there is no reason you can't use both.

I'm ok though. I type in my password with mittens in a dark room. I wish they would let me out of here.

Re:applicability?

[PiratePTG]

they don't work like you think they work. The ones on the football field probably help mask ambient crowd noise, but they don't do much, if anything, to increase the gain of the target audio.

Almost right... The "Big Ears" (yes, that is their name, Google for them) parabolic reflectors work by focusing the intended audio onto the pickup face of a standard microphone. They don't necessarily increase the gain of the audio, but they decrease the signal to noise of the audio. Off-axis audio gets reflected back out the other side of the reflector, while the on-axis audio gets reflected to the face of the mic. And even the position of the mic in the reflector is adjustable, so you can compensate for distance. By reflecting the undesired audio out of the reflector, there is an apparent increase in desired audio gain. Big Ears don't mask undesired audio, it simply reflects it back out away from the mic pickup.

try a laser microphone

Wouldn't work in this application. A laser mic needs something to "reflect" off of. Like a window or the face of a framed picture. The hard surface merely becomes the diaphram of the mic, the reflected laser signal is converted to audio pulses just like a moving coil over a fixed magnet would be. Pointing a laser mic at a keyboard would get you almost nothing. The tops of the keycaps are usually concave, and have a matte finish, which would effectively scatter the laser beam. And if you did just focus on one key, as soon as it was pressed, or a finger got in the way TO press it, you'd lose the signal. And besides, if you could point a laser at the keyboard, why not just get a camera?!

an array of mic's in tubes of varied lengths with each tube resonating at a likely component of the targeted frequency range. (Still not directional, but has a lot of gain.)

Ummm... Sorry... wrong again... The original "shotgun mic" got it's name from the number of "barrels" it had. It would have been more appropriate to call it a "gatling-gun mic". The design was to have a number of tubes cut to resonate at different frequencies all barreled together, with a parabolic reflector (see Big Ears above) mounted on the rear, with a SINGLE mic inside of the reflector to pick up the audio. The "shotgun" effect did nothing to increase the gain of the audio, but works again by focusing desired audio onto the pickup head of a mic. The different length tubes did resonate at different frequencies, and increased the frequency response of the mic (the early shotguns used crystal elements). The apparent directionality of the mic was because side and rear audio was blocked from the pickup mic, by the fact it was in a parabolic chamber behind the tube stack. A stack of mics inside tubes as you suggest would kinda sorta work, but the electronics necessary to multiplex all that audio together, without introducing phase distortion, would be way too complex or even remotely practical.

"Shotgun/gattling gun" mics are no longer used these days. At least I have never seen one in the wild. The directional "shotgun" mics used today are basically a tuned chamber with a pickup element that gets it's directionality from phasing the desired audio. Audio from the rear or sides arrive at the pickup element out of phase and are cancled out. On-axis audio arrives in phase "with itself" and is picked up. Any gain from the mic again comes from decreasing the signal to noise, and through preamps built into the microphone. The tuned chamber itself does nothing to increase the gain of the desired audio.

Now, all that said, I could easily build a wireless mic transmitter in less room than a postage stamp takes up, and again easily mount it close enough to a keyboard to pick up the keystrokes. A whole lot easier than trying to mount a camera somewhere to see the keyboard. The only downside to trying to crack a password by recording the keyclicks is that the keyboard probabally needs to be fairly isolated. A keyboard in a room full of keyboards is not going to be easy to pick up. The signal to noise would be a factor to deal with. Not impossible, but certainly adds additional complexity, and inaccuracy, to the recording/cracking process.

Just my nickle's worth...

Another old fashioned way to get passwords w audio

[xxxJonBoyxxx]

Another old fashioned way to get passwords w audio: Just tap the "help desk" phone line.

It's a good thing...

[Nuclear+Elephant]

... that my voice is my passport.

75 attempts?

[jlower]

'90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.
All the systems where I work will lock you out after 5 bad attempts. What kind of password system lets you try 75 (or even 20) times?

Re:75 attempts?

[sammy+baby]

Plenty of them. Implementing a lockout out of X number of bad attempts can open you up to some hairy denial of service attacks. Want to lock out a user for a few hours? Just fail to login as that person 5 times.

Not to say that the alternatives don't have their weaknesses, but this one certainly does as well.

Re:75 attempts?

[gamer4Life]

You can program it to guess the password 3 times a day and within several weeks, the password will be yours. Still a reasonable timeframe.

Of course if the person changes the password every 3 weeks...

Re:75 attempts?

[chinadrum]

One would hope you'd be locked out before then. The problem is that most people don't use random passwords. When the keys you record return Fluf[]y you can guess the missing letter mom typed was 'f' to fill in Fluffy. Bang one try. It's back to the old physical security deal.

Re:75 attempts?

[SatanicPuppy]

Where I work it's three times, and the lockout on the critical systems doesn't expire--you have to be reactivated by an admin. The exception is root, but root can only log on when sitting in front of the keyboard, in the multi-locked and monitored server room.

Most of our connectivity is onsite anyway...VPN access is pretty tightly regulated...so for us to be DOS vulnerable, the attacker would have to be inside the building, on the network, and by "on" I mean "plugged into" because my boss thinks "wireless security" is an oxymoron.

It's more maintenance and more of a pain in the butt to work with than a less secure system, but we never have security related problems.

Re:75 attempts?

[papasui]

This is exactly how I exploited a Novell network while in high school.. I wrote a keystroke logger and then intentionally entered my own password wrong serveral times until I was locked out. I called the Sysadmin over and he logged in on the computer and reset my password. I then pulled his password from the logger and made my own sysadmin account 'jdoe'.

As the article says:

[tabkey12]

It just goes to show that when you have physical access to a computer, the security's already broken...

Hunt and peck for safety?

[Alcimedes]

Go figure, typing properly now means you get your password cracked.

Guess that's all the more reason to keep that Cheetos bag crinkling as you type. Gotta stop the commies!

Re:Hunt and peck for safety?

[LLuthor]

Its not like any normal secure network lets an attacker try 20 times. Just mistype a few characters and select them using the mouse to delete them - thereby increasing the number of attempts required exponentially.

WARNING

[JamesD_UK]

Security experts recommend you don't speak the name of the key you're hunting for as you type your password with a single finger.

good idea

[tont0r]

i like how they used basic methods of cryptanalysis in order to help find out what is what. an example is how they mentioned about the Digraphs such as TH from THE, which is a very common word. so its easy to pick out from the group because you can 'listen' for the space bar key and if only 3 keys are hit and they have been matching others, you can then find out what E is.
then lets say you find out whats THE is, then you find another word that is 5 letters that starts with 'THE', then you are going to find out what R is, then what I is (from there and their) and so on and so on. so good for them for just using basic methods :)

Great...

[crc32]

Now I'll need tinfoil wallpaper too, time to go to Cosco...

Re:Great...

[rtaylor]

Now I'll need tinfoil wallpaper too, time to go to Cosco...

Tinfoil was eliminated by the government and replaced with aluminum foil. Your wallpaper and hats only make you believe you're safe.

Re:Great...

[OzPeter]

If you knew your world history you would know that it was an early 20th century right wing plot to get the US to use aluminum instead of the aluminium that the rest of the world uses.

You see while aluminum looks and feels a lot like aluminium, it is actually a differant material, so much so that it cannot be used as a tinfoil hat replacement.

Thus by duping the US citizens into believing that aluminum was just as good as aluminium (and more patriotic for the country), the government easily gained the capability of reading all of your thoughts, even when you thought they couldn't [*]

As of now, the rest of English speaking world sits smuggly by wearing our aluminium foil hats, safe in the knowledge that our thoughts are secure.

[*] Unfortunatley there was a side effect to being able to read the thoughts of everyone in the US. The summaries of such thoughts are used to brief the president in order to help him direct policy. But starting with the Shiny Shiny movements of the mid 80's suceeding presidents have slowly become paralysed by the thoughts of the mass population. This has come to a head with GWB being briefed hourly about how the population feels about JLo and Bennifer, while other, more important items are ignored.

The only possible solution to this is to disband the remote thought readings, but when confronted with leftist radical ideas like this, the CIA/Industro-Military Complex reacts violently and labels such ideas as being the work of terrorists. (It should be noted that these people are known to have holdings of aluminium manufacturers in other countries, thus securing their *private* supply of aluminium foil hats).

Use ASCII numerics, or pound the keyboard at login

[ScentCone]

Honestly, I've always wondered about this. But then it occurs to be that you could type the ALT+Numeric equivalent of your password characters, just to throw off the bad guys. You know, ALT+100 = "d", etc. Or, just bang the drum slowly when entering the password - loud, thumpy keystrokes. Or put the keyboard in your lap momentarily to alter the acoustic signature.

Or, don't worry. I mean, realistically, what are the odds of this crack actually happening in the non-ultra-spooky world? And once you're in that playground, it's biometrics, smartcards, etc., anyway, right?

Easy Fix

[jatemack]

Just make a clicking noise with your tongue and the roof of your mouth as you type. It sounds almost identical, and you'll automatically sync the sound up with each keystroke.

Try it.

Crap! I use a Model M!

[allanc]

With these clicky buckling springs, they'll be able to sniff my password from miles away!

Different sounds

[Namronorman]

I notice that keys I use the most are the loudest and sound different, probably from wear. Stating that, how easy would this cracking method work on a brand new keyboard (or perhaps a laptop keyboard)?

Agent x86

[Molina+the+Bofh]

Be careful, chief. Lets type in the cone of silence.

Re:Berkley != Berkeley

[stinerman]

It is actually a typo on my part, not caught by Taco. The paper in question is from the CS Dept of UC Berkeley.

Now it's time to say goodbye, to all our company..

This reminds me of a sysop I once worked with. Every time he logged in you could clearly identify the rhythm of M-I-C-K-E-Y M-O-U-S-E. Sometimes he was even stupid enough to hum the tune as he typed it. And this idiot was one of the senior IT guys at a major oil company.

A little known fact

[Klowner]

It's also incredibly helpful when they mumble their password as they type it.

Step 6.

[Spy+der+Mann]

Make sure nobody does the same thing to you.

Re:Use ASCII numerics, or pound the keyboard at lo

[Psykechan]

I use the Dvorak layout myself. It would help prevent this in two ways.

1. The keystroke timing would be much different
2. Constantly making errors which require much backspace pressing

Been there, done that

[coyote-san]

25 years ago (gah!) I really freaked out my boss because I made a big production of turning my back to him as he typed the root password. I turned back and told him what he just typed.

It wasn't anything fancy, just familiarity with the sound that keyboard made and the usual pauses as fingers move to various keys.

I also used to be able to tell you what number was dialed from the touchtones.

P.S. a college friend said that he would occasionally talk to others in morse code after a long duty shift when he was in the military. Forget the nonsense in the introductory material - anyone who really knows morse code and knows it fast hears it as words. It's not hard to take the final step and speak it like you hear it.

I think so

[the_mighty_$]

This technique must be usable on most keyboards, because judging from this the FBI sometimes uses (or has used in the past) this technique. From the page:

Audio surveillance. This method is a variation of Attack #4. FBI technicians install an audio bug near your computer. The sounds generated by the keyboard can be analyzed. By comparing these sounds with the noises made during generation of a known piece of text, the FBI can often deduce your passphrase - or come so close that only a few characters need to be guessed.

Oh and by the way, that page was written in 1998, so these UC-Berkley students (and the /. editors) are about 7 years slow.

Re:I think so

These guys do it *without* the known piece of text though; as a statistician, I applaud them!

Re:I think so

[drew]

Even without RTFA:
The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously.
(emphasis mine)

They are acknowledging that what you describe has been possible for some time, but what they have been able to achieve different.

Re:I think so

[KillShill]

it was written in 1998 so that means the FBI were using it for oh, the past 20+ years.

do you think they would divulge their secrets if no one else knew? by 1998, just about every "security" and "intelligence" agency had already surpassed it.

Due South

[kannibal_klown]

I remember an episode of "Due South." It was a silly show, but at least somewhat entertaining. Anyway, one of the guys made an interesting point.

They were in the room when a guy typed in his password, they could see the keyboard or anything. Anyway, the mounty said that each key sounds slightly different. Anyway, after playing with the keyboard a few minutes he was able to guess it within a few tries.

Granted, the show as as fictitious as they come: "Canadians have computers!?!?" But it made some sense and afterwords I started playing with my keyboard I too realized most of them sounded slightly different.

However, I don't have "the ear" for such things (ie, I can't tell what phone number was pressed by the tone." I wonder if someone with a good enough ear can use this too their advantage though. Perhaps someone blind who's trained his ears well enough.

Then again, it's probably just a load.

Windows On Screen Keyboard

[Hoi+Polloi]

If you use Windows you can also use osk.exe (On Screen Keyboard) to enter your password, this will allow you to bypass the keyboard completely. This also assumes that you have taken precautions against TEMPEST and CRT diffuse visible light monitoring.

I just deduced a password from this article

[digitaldc]

it is 'password' It works about 25% of the time.

Re:...and it corrects typos!

[vertinox]

What is the USPS doing with this type of research?

To find methods to read your unopened mail by listening to it.

Extending this to 3 mircophones

[hcob$]

would probably jump the percentage much higher since then you could accoustically triangulate where the sound came from. Just a thought....

Don't panic

[ezweave]

While it is an interesting topic, controlled conditions are required for this to work correctly.

They use a deterministic method to find the next probable character for a given sequence. Deterministic in that if I type 't' and then type 'h' and there are only so many combinations available after that (this is the Markov chain part). Er basically a sort of decision coverage. That is used with the spell check dictionaries they mention for English text recognition. It is interesting too that they are using a neural network (though appropriate) to recognize the patterns. But because they did not make their own, the details are a bit brief.

The problem I see is that the password detection is not flushed out enough and based upon what they state, it is not as powerful as it sounds. The deterministic method won't work for all passwords (as they typically are not English). Their "analysis" is basically a speed up on a dictionary hack (it helps to know the size of the password from the keystrokes), eliminating possibilities by way of possible patterns. But what about special characters, does a shift+key sound that different? Mixed cases, etc? And the deterministic approach does not work if the password is random AND the network has to be trained for THAT persons typing style and keyboard. Is that likely?

I would be more worried about Van Eck Phreaking.

Phone eavesdropping

[jbum]

A prior paper by Asonov and Agrawal is also fascinating reading.

I assumed when I first heard about this that hi-fidelity microphones were employed, however, the researchers used cheap PC mics. In addition,
they speculate that eavesdropping over the phone is possible:

Another observation that can be made from the experiments is that higher frequencies are generally less informative. Of particular interest is the 300-3400 Hz interval telephone audio band. The relatively good ADCS for this interval in our experiments suggests that eavesdropping on
the clicks over the phone [...] is potentially possible.

It can't work for me...

[cyberbrown]

I write /whois and /away much more often than my passwords.
Yes, I'm IRC addicted...

And now let's check in on the FBI...

[halcyon1234]

... in their "Audio-Based Password Cracking Lab".

Here we see Agent Small and Agent Geoffries working on a real, live Password Hacking "Evesdrop Machine". If they can just hear enough of the nefarious criminal's activities, the can garner all of his secrets.

AS: Okay, we're getting something.
EM: *click click clickity click*
AG: What was that?
AS: It sounded like a URL. He must be going to a website. The machine will try to crack the URL.
EM: *click*
AG: That was a mouse click, wasn't it?
AS: Yup, not very helpful.
EM: *thump thump thump thump*
AG: What's that?
AS: It sounds like a hard and regular pounding of something. I can't quite make it out.
AG: Hey, the machine's got the url. www.ultimatepron....
EM: *thump thump thumpthumpthump...spalsh*
AG&AS: Ewwww!

Re:TEMPEST

[mikek2]

Apart from the fact that this is electromechanical rather than electronic, this *is* TEMPEST. I had a fair amount of TEMPEST training waaaay back in my military days (those damn 90's); I found it to be one of most the fascinating things I ever learned. Good site for an introduction

Passwords are obsolete

[marcybots]

Isnt it time that computer security experts just give up on the idea of passwords? Instead of trying to get users to use ever increasingly complex passwords they can never remember why dont we just invent a new system of security? Its obvious the password paradigm of computer security is not very effective, and we should move beyond it and start reaching for new ideas instead of fixing a flawed old one.

Re:Passwords are obsolete

[FhnuZoag]

Got a bright idea? Maybe we should just glue the user to the computer.