Date: Tue, 19 Mar 2002 23:38:28 +0100 From: Roelof Osinga <roelof@nisser.com> To: Richard Ward <mh@homenetweb.com> Cc: Chris Johnson <cjohnson@palomine.net>, security@FreeBSD.ORG Subject: Re: Safe SSH logins from public, untrusted Windows computers Message-ID: <3C97BDE4.8040301@nisser.com> References: <20020319144538.A42969@palomine.net> <001401c1cf81$b12976e0$0101a8c0@noc2>
next in thread | previous in thread | raw e-mail | index | archive | help
Richard Ward wrote: > Chris Johnson, > ... > If I could shoot a really crazy idea your way: What about using the > "Character Map" program included with Windows to slowly "type" out your > password? Though that would probably be cached long before you overwrite the > Clipboard. Since we're talking about wacky ideas, whatever happened to the one I'm about to state: "keypress timing". Well, maybe nobody ever thought of it, could happen, but I remember it as a way to recognize individuals. Like a signature. A hand drawn one, of course. What I mean is, can't a person be identified by having them type in some reasonable, well known, sentence. A simple program should suffice to calc some statistic which could then be used as a key to see if that person is likely to know the password when asked. So you take, say, 'Mary had a little lamb' as test sentence and then both that sentence as well as the timing digest or even the individual samples get transmitted as the "user ID". It could be beaten by a recording device, but not by a paste from the clipboard. Zany enough? Roelof -- _______________________________________________________________________ eBOAź est. 1982 http://eBOA.com/ tel. +31-58-2123014 mailto:info@eBOA.com?subject=Information_request fax. +31-58-2160293 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C97BDE4.8040301>