On Fri, Aug 08, 2008 at 05:12:49PM +0200, Alexander W. Janssen wrote: > Don't tell me there are actually real attacks by recording the sound of > the keyboard...?! What does that mean, every key clicks differently?
Sounds like an interesting student project... :-) Some keys certainly sound different; the space bar for one. Shift, Enter and Backspace all have distinctive sounds, especially as Shift is depressed before pressing another key, and then released. If a user is using a passphrase made up of space-separated words, then knowing where the spaces are reduces the search space considerably, as does knowing when the shift key is pressed. If the attacker is able to get two microphones set up in useful locations, they might even be able to analyze the stereoscopic differences between the two recordings to gain some idea of which area of the keyboard each keypress is made. Even if it's only "left half" or "right half", that divides the search space by 2^number_of_keypresses. The technique doesn't have to be absolutely perfect; just good enough to reduce the search space down to something that can realistically be brute-forced. Like I said, interesting project... :-) -- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: [EMAIL PROTECTED] BRISTOL, BS32 4SQ | Home Email: [EMAIL PROTECTED] _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
