At 11:41 AM -0400 6/29/00, dmolnar wrote:
>On Thu, 29 Jun 2000, Benjamin M. Brewer wrote:
>
>>  Another thing to note is that although these seem really secure - people
>>  can 'train' themselves on how to type. We all originally learned (well,
>>  _most_ of us) at one point in time - why couldn't someone muster up the
>>  concentration to learn to type like their friend (or boss)?
>>
>
>Biometric identification by typing pattern has shown up in science fiction
>from time to time. Now we will see a new kind of superhero: instead of a
>shapeshifter, a man who can effortlessly mimic the typing patterns of
>others, smoothly taking over their identities, skipping from host to host
>as the city sleeps.
>
>No, seriously, this gets at the question of how to prevent false negatives
>(rejecting you when you are in a fit of rage - although maybe that isn't
>so bad :) without increasing false positives (allowing someone to do a
>poor imitation of you and get away with it). Presumably these guys believe
>they have an acceptable solution. Hopefully they've thought about this.
>We'll see what happens...

I'm skeptical that the false negatives can be kept low enough without 
letting in too many false positives. (In terms of bits of entropy, 
there just isn't enough range in typing.)

When I enter pass phrases, for example, I usually do it v-e-r-y_ 
s-l-o-w-l-y. As I do it more, I start touch typing the pass phrase. I 
cannot believe that there are enough "bits of entropy" (bits of 
distinguishability) that do not overlap with others!

To put it another way, while handwriting has some chance of 
extracting enough points of distinguishability, in the shapes, 
slants, pressure points, etc., all a keyboard pattern extractor can 
extract is the timing of the keys. Pressure, finger angles, etc., are 
not transmitted from the keyboard...only the timings are. And my 
timing varies a lot, depending on my mood, the angle of the keyboard 
in my lap, and the aforementioned slowness in typing pass phrases.

I haven't looked at the scheme John Young was referring to. Maybe 
they want a user to type a series of phrases, even entire paragraphs. 
Good luck on selling _this_ to harried users.

--Tim May
-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
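
The false-negative / false-positive trade-off discussed in this message, as an added example that is not part of the original post and not the scheme John Young referred to. It assumes a deliberately simple matcher (mean absolute difference of inter-key latencies against an enrolled template); all timing values are constructed for illustration.

```python
# Constructed inter-key latencies (ms) for one 6-key pass phrase.
ENROLL = [
    [120, 95, 140, 110, 130],
    [125, 90, 150, 105, 135],
    [115, 100, 145, 115, 125],
]
# Same user under different conditions (constructed).
GENUINE = {
    "calm": [122, 94, 146, 108, 131],
    "slow and careful": [310, 280, 350, 300, 330],
    "keyboard in lap": [150, 120, 180, 100, 160],
}
# Other people typing the same phrase (constructed).
IMPOSTOR = {
    "untrained stranger": [200, 60, 240, 180, 90],
    "practiced imitator": [130, 100, 150, 120, 140],
}

def template(samples):
    """Per-position mean latency over the enrollment samples."""
    return [sum(col) / len(col) for col in zip(*samples)]

def distance(tmpl, attempt):
    """Mean absolute latency difference; timing is the only feature."""
    return sum(abs(t - a) for t, a in zip(tmpl, attempt)) / len(tmpl)

def rates(threshold):
    """Return (genuine attempts rejected, impostor attempts accepted)."""
    tmpl = template(ENROLL)
    false_neg = sum(distance(tmpl, a) > threshold for a in GENUINE.values())
    false_pos = sum(distance(tmpl, a) <= threshold for a in IMPOSTOR.values())
    return false_neg, false_pos

if __name__ == "__main__":
    tmpl = template(ENROLL)
    for name, a in {**GENUINE, **IMPOSTOR}.items():
        print(f"{name:20s} distance = {distance(tmpl, a):6.1f} ms")
    for thr in (5, 30, 200):
        fn, fp = rates(thr)
        print(f"threshold {thr:3d} ms: {fn}/3 genuine rejected, "
              f"{fp}/2 impostors accepted")
```

With this data the user's own variation spans a wider range than the gap to the imitator, so every threshold either rejects a genuine attempt or accepts an impostor.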

