Eugen Leitl wrote
Link: http://slashdot.org/article.pl?sid=05/09/13/1644259 Posted by: CmdrTaco, on 2005-09-13 17:04:00
from the but-i-love-clicky-keyboards dept. [1]stinerman writes "Three students at UC-Berkley used a 10 minute [2]recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The [3]research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"
This technique is decades old. I read an account of the British Secret Service (MI5? 6?) installing a bugged phone next to a cable machine in the London Soviet Embassy in the late 70's, but the events described took place earlier - perhaps in the 60s. Peter Trei