At 01:24 PM 6/29/00 -0400, Eric Murray wrote:
>There's no way to determine key impact (how hard you hit
>tthe keys) with normal keyboards. Music keyboards measure
>key velocity, but computer keyboards don't.
MIDI QWERTY?
>Normal computer keyboards send make/break info to the OS. There is
>a keycode that's sent when the key is pressed down hard enough to close
>the switch, and a keycode sent when the switch is released.
Quantized and buffered to the temporal resolution of the keyboard upu and
cpu sampling
rate.
>between key strikes and the length of time that the keys are held down.
My 9 month old son is just discovering the difference between keypress and
keyrelease on a spring-powered toy..
> This tells me that the basic technology has a
>pretty high false reject rate and also would cause a problem when combined
>with their recommendation to lock the machine after three rejects...
>having the workstation lock up on 5%+ of logins would be unacceptable
>in most production environments (but hey, it's secure!).
Consider an economic benefit in having the security dude only facecheck
folks whose thumbs vary too much.
>They also require you to type in your password 15-18 times for enrollment.
So? Its a one-time thing. People sit through badges; they'll sit through
passwd retypes.
>An advatage to that is that in the process of typing the same word in
>many times you develop a pattern, and hopefully you will type in the same
>pattern in the future. That would increase the accuracy of the biometric.
Love that cerebellum.
>> I'm not sure about you, but I know for sure that I don't always type the
>> same.
Yee hah. Consider the shrunk laptop keyboard, or the funked-up left/right
angled
'natural keyboard'...
>If I am pissed
[in any sense of the word...]
>> Another thing to note, is that although these seems really secure - people
>> can 'train' themselves on how to type. We all originally learned (well,
>> _most_ of us) at one point in time - why couldn't someone muster up the
>> concentration to learn to type like their friend (or boss)?
Shoot, if you can record the pattern for practice you can replicate
it for spoofing.
>Learning how someone types and repeating it well enough to fool the
>algorithm might be easier to 'shoulder surf' than getting the keys
>themselves, especially for people who are hunt and peck typists.
>I think it'd be pretty hard for fast typists and longer passphrases.
1. You need to hear the rhythm and optically recover the chars.
2. Technology overwhelms meat attempts to be 'fast'.
