It's sort of like voice biometrics - two people can share the same 'feature set' but you and your attacker (the person who has your banking password) are 'unlikely' to.

It's not useful for positive identification by itself; out of that large database there would be many collisions.

The content of text that you type, the words you use and your grammatical structure contain more identifying bits.

-Travis


On Tue, Oct 6, 2015 at 8:03 AM, rysiek <rysiek@hackerspace.pl> wrote:
On Monday, 5 October 2015 12:26:17 you wrote:
> Rysiek,
> https://en.wikipedia.org/wiki/Keystroke_dynamics
>
> We may first want to understand the minimum resolution that timing
> requires. Keypress events can be randomized within this interval.
>
> Another track:
> 170WPM ~= 42000 KPH ~= 11 KPS
>
> So, maybe we have 90ms delay on average between keystrokes for a speed
> typist.

Right.

> I didn't realize you could use keystroke analysis to identify one person
> out of a pool of millions, rather, that a certain keystroke pattern matches
> as best a certain subset of users but it wouldn't be valuable/practical for
> positive identification. Text analysis is probably a way more useful signal.
>
> In for more details,

https://paul.reviews/behavioral-profiling-the-password-you-cant-change/
http://www.behaviosec.com/technology/demos/

I am still trying to wrap my head around it.

--
Regards,
Michał "rysiek" Woźniak

Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147



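An added sketch of the idea raised in the quoted message (randomizing keypress events within a fixed interval), not code from anyone in this thread. It holds each key event for a bounded random delay without reordering keys, then compares inter-key gaps before and after. The typist model, the 200 ms interval and all function names are assumptions; the roughly 90 ms average gap is the figure from the thread.

```python
import random
import statistics

def make_typist(cycle_ms, n, rng, jitter_ms=8.0):
    """Constructed sample: n key-press timestamps (ms) following a repeating
    rhythm of gaps with a little natural variation."""
    t, times = 0.0, []
    for i in range(n):
        times.append(t)
        t += max(10.0, rng.gauss(cycle_ms[i % len(cycle_ms)], jitter_ms))
    return times

def obfuscate(times, interval_ms, rng):
    """Hold each event for a random delay in [0, interval_ms], never letting
    a later key overtake an earlier one."""
    out, last = [], 0.0
    for t in times:
        release = max(t + rng.uniform(0.0, interval_ms), last)
        out.append(release)
        last = release
    return out

def gaps(times):
    """Inter-key intervals, the raw feature used in keystroke dynamics."""
    return [b - a for a, b in zip(times, times[1:])]

def demo(seed=1, interval_ms=200.0, n=300):
    """Return (raw, obfuscated) timestamps for one constructed typist."""
    rng = random.Random(seed)
    raw = make_typist([60.0, 120.0, 90.0], n, rng)  # averages ~90 ms per key
    hidden = obfuscate(raw, interval_ms, rng)
    return raw, hidden

if __name__ == "__main__":
    raw, hidden = demo()
    for name, ts in (("raw", raw), ("obfuscated", hidden)):
        g = gaps(ts)
        print(f"{name:>10}: mean gap {statistics.mean(g):6.1f} ms, "
              f"stdev {statistics.stdev(g):6.1f} ms")
```

The delay widens the spread of each individual gap, but the long-run mean gap is unchanged (the total span shifts by at most one interval), so a profile averaged over many keystrokes can still converge.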