/. [Keyboard Sound Aids Password Cracking]
Trei, Peter
ptrei at rsasecurity.com
Wed Sep 14 07:06:21 PDT 2005
Eugen Leitl wrote
>
> Link: http://slashdot.org/article.pl?sid=05/09/13/1644259
> Posted by: CmdrTaco, on 2005-09-13 17:04:00
>
> from the but-i-love-clicky-keyboards dept.
> [1]stinerman writes "Three students at UC-Berkley used a 10 minute
> [2]recording of a keyboard to recover 96% of the characters typed
> during the session. The article details that their methods did not
> require a 'training text' in order to calibrate the conversion
> algorithm as has been used previously. The [3]research paper [PDF]
> notes that '90% of 5-character random passwords using only
> letters can
> be generated in fewer than 20 attempts by an adversary; 80% of
> 10-character passwords can be generated in fewer than 75
> attempts.'"
This technique is decades old. I read an account of the British
Secret Service (MI5? 6?) installing a bugged phone next to a
cable machine in the London Soviet Embassy in the late 70's, but
the events described took place earlier - perhaps in the 60s.
Peter Trei
More information about the cypherpunks-legacy
mailing list