zlacker

[return to "New acoustic attack steals data from keystrokes with 95% accuracy"]
1. thedoo+2w[view] [source] 2023-08-05 19:48:06
>>mikece+(OP)
I don't use the qwerty layout, I use colemak. Likely this mitigates this for myself.
◧◩
2. bqmjjx+rw[view] [source] 2023-08-05 19:51:29
>>thedoo+2w
This is just security through obscurity. For real security, you need a cryptographically rolling keyboard layout.
◧◩◪
3. glitch+8y[view] [source] 2023-08-05 20:05:57
>>bqmjjx+rw
Brilliant suggestion. Have a TRNG or a CSPRNG (if too poor for a TRNG) choose the next layout at random for you, ideally with every keystroke. Good luck cracking that!
◧◩◪◨
4. segfau+wA[view] [source] 2023-08-05 20:23:57
>>glitch+8y
Some places use touchscreen keypads for PIN entry exactly for this reason: to allow randomization, e.g. for opening a locked door, or for authorizing a transaction.
◧◩◪◨⬒
5. bee_ri+bD[view] [source] 2023-08-05 20:45:31
>>segfau+wA
That is interesting.

I’m sure it depends on the application to some extent. I can type my pin in without looking at all, so I can cover it up while doing it. If I had to hunt and peck, it’d easier for an onlooker to observe my slower motions I think.

But if I used the same machine often enough to produce wear specific to me, this randomization would be really useful.

◧◩◪◨⬒⬓
6. zootbo+hR[view] [source] 2023-08-05 22:50:26
>>bee_ri+bD
I use a randomized PIN pad on my phone, and I've gotten quite used to it. I can enter my PIN almost as fast as I could on an unscrambled pad; it's definitely not hunting and pecking.
[go to top]