It's sort of like voice biometrics - two people can share the same 'feature set' but you and your attacker (the person who has your banking password) are 'unlikely' to. It's not useful for positive identification by itself, out of that large database there would be many collisions. The content of text that you type, the words you use and your grammatical structure contain more identifying bits. -Travis On Tue, Oct 6, 2015 at 8:03 AM, rysiek <rysiek@hackerspace.pl> wrote:
Dnia poniedziałek, 5 października 2015 12:26:17 piszesz:
Rysiek, https://en.wikipedia.org/wiki/Keystroke_dynamics
We may first want to understand the minimum resolution that timing requires. Keypress events can be randomized within this interval.
Another track: 170WPM ~= 42000 KPH ~= 11 KPS
So, maybe we have 90ms delay on average between keystrokes for a speed typist.
Right.
I didn't realize you could use keystroke analysis to identify one person out of a pool of millions, rather, that a certain keystroke pattern matches as best a certain subset of users but it wouldn't be valuable/practical for positive identification. Text analysis is probably a way more useful signal.
In for more details,
https://paul.reviews/behavioral-profiling-the-password-you-cant-change/ http://www.behaviosec.com/technology/demos/
I am still trying to wrap my head around it.
-- Pozdrawiam, Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>