zlacker

1. glitch+(OP)[view] [source] 2023-08-05 20:05:57
Brilliant suggestion. Have a TRNG or a CSPRNG (if too poor for a TRNG) choose the next layout at random for you, ideally with every keystroke. Good luck cracking that!
replies(3): >>hoosie+i2 >>segfau+o2 >>mdp202+q2
2. hoosie+i2[view] [source] 2023-08-05 20:23:29
>>glitch+(OP)
Even using Vim or Emacs would add some obufsCTRL[dbiobfuscation from all the spurious keystrokes.
3. segfau+o2[view] [source] 2023-08-05 20:23:57
>>glitch+(OP)
Some places use touchscreen keypads for PIN entry exactly for this reason: to allow randomization, e.g. for opening a locked door, or for authorizing a transaction.
replies(2): >>bee_ri+35 >>8note+z6
4. mdp202+q2[view] [source] 2023-08-05 20:24:14
>>glitch+(OP)
Could be done by using a device with a display - e.g. an "ereader" - to present a random keyboard layout. But, good luck being efficient typing on that. At that point, better use a different input model.

Or, use techniques such as those in the article, such as random keypresses played during the actual ones.

replies(1): >>FireBe+nL
◧◩
5. bee_ri+35[view] [source] [discussion] 2023-08-05 20:45:31
>>segfau+o2
That is interesting.

I’m sure it depends on the application to some extent. I can type my PIN in without looking at all, so I can cover it up while doing it. If I had to hunt and peck, it’d be easier for an onlooker to observe my slower motions, I think.

But if I used the same machine often enough to produce wear specific to me, this randomization would be really useful.

replies(1): >>zootbo+9j
◧◩
6. 8note+z6[view] [source] [discussion] 2023-08-05 20:58:51
>>segfau+o2
Do they randomize the key locations though?

Otherwise, you leave behind grease where your fingers touched.

replies(1): >>segfau+G9
◧◩◪
7. segfau+G9[view] [source] [discussion] 2023-08-05 21:21:29
>>8note+z6
Yes, the layout is randomized every time you use it.
◧◩◪
8. zootbo+9j[view] [source] [discussion] 2023-08-05 22:50:26
>>bee_ri+35
I use a randomized PIN pad on my phone, and I've gotten quite used to it. I can enter my PIN almost as fast as I could on an unscrambled pad; it's definitely not hunting and pecking.
◧◩
9. FireBe+nL[view] [source] [discussion] 2023-08-06 03:35:18
>>mdp202+q2
Some banks went through a phase of this - website would present an on-screen keyboard for the password field with a randomized layout.

I'm sure customer frustration was huge.
