Introduce randommess in keypress timings
Travis Biehn
tbiehn at gmail.com
Tue Oct 6 05:55:58 PDT 2015
It's sort of like voice biometrics - two people can share the same 'feature
set' but you and your attacker (the person who has your banking password)
are 'unlikely' to.
It's not useful for positive identification by itself, out of that large
database there would be many collisions.
The content of text that you type, the words you use and your grammatical
structure contain more identifying bits.
-Travis
On Tue, Oct 6, 2015 at 8:03 AM, rysiek <rysiek at hackerspace.pl> wrote:
> Dnia poniedziałek, 5 października 2015 12:26:17 piszesz:
> > Rysiek,
> > https://en.wikipedia.org/wiki/Keystroke_dynamics
> >
> > We may first want to understand the minimum resolution that timing
> > requires. Keypress events can be randomized within this interval.
> >
> > Another track:
> > 170WPM ~= 42000 KPH ~= 11 KPS
> >
> > So, maybe we have 90ms delay on average between keystrokes for a speed
> > typist.
>
> Right.
>
> > I didn't realize you could use keystroke analysis to identify one person
> > out of a pool of millions, rather, that a certain keystroke pattern
> matches
> > as best a certain subset of users but it wouldn't be valuable/practical
> for
> > positive identification. Text analysis is probably a way more useful
> signal.
> >
> > In for more details,
>
> https://paul.reviews/behavioral-profiling-the-password-you-cant-change/
> http://www.behaviosec.com/technology/demos/
>
> I am still trying to wrap my head around it.
>
> --
> Pozdrawiam,
> Michał "rysiek" Woźniak
>
> Zmieniam klucz GPG :: http://rys.io/pl/147
> GPG Key Transition :: http://rys.io/en/147
>
--
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3113 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151006/fa89934d/attachment-0002.txt>
More information about the cypherpunks
mailing list