Logins are More Secure with Typing Rhythm Recognition
blog.light-of-reason.com — When you type, there is a distinct rhythm used by each unique user. By combining the identification of this rhythm with other security tactics, a program is able to determine a user’s identity, making the login process more secure.
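The rhythm check described in the summary above, as an added example that is not code from the linked article: enrolment builds a per-user timing template, and a login passes only if the password is correct and the typing rhythm is close to that template. The feature choice (key hold times and gaps between keys), the scaled Manhattan score, the 3.0 threshold and all timing data are assumptions constructed for illustration.

```python
import statistics

def make_events(dwells, flights):
    """Build (press_ms, release_ms) pairs from hold times and gaps between keys."""
    events, t = [], 0
    for i, d in enumerate(dwells):
        events.append((t, t + d))
        if i < len(flights):
            t += d + flights[i]
    return events

def features(events):
    """Dwell time per key, then flight time (release -> next press) per key pair."""
    dwell = [rel - prs for prs, rel in events]
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Template = per-feature mean and mean absolute deviation (floored at 1 ms)."""
    cols = list(zip(*(features(s) for s in samples)))
    means = [statistics.fmean(c) for c in cols]
    devs = [max(statistics.fmean([abs(x - m) for x in c]), 1.0)
            for c, m in zip(cols, means)]
    return means, devs

def score(template, events):
    """Scaled Manhattan distance; lower means closer to the enrolled rhythm."""
    means, devs = template
    f = features(events)
    if len(f) != len(means):  # wrong number of keystrokes
        return float("inf")
    return statistics.fmean([abs(x - m) / d for x, m, d in zip(f, means, devs)])

def login(password_ok, template, events, threshold=3.0):
    """Rhythm is an extra check on top of the password, never a replacement."""
    return password_ok and score(template, events) <= threshold

# Constructed sample data: a six-key password, timings in milliseconds.
DWELL = [90, 85, 100, 95, 80, 110]
FLIGHT = [120, 60, 150, 70, 130]

def shift(k):
    return make_events([d + k for d in DWELL], [f + k for f in FLIGHT])

TEMPLATE = enroll([shift(k) for k in (0, 6, -6, 3, -3)])
OWNER = shift(4)                                  # same person, normal jitter
IMPOSTOR = make_events([60] * 6, [200] * 5)       # right password, other rhythm
INJURED = make_events([d * 1.4 for d in DWELL], [f * 1.4 for f in FLIGHT])

if __name__ == "__main__":
    for name, ev in [("owner", OWNER), ("impostor", IMPOSTOR), ("injured", INJURED)]:
        print(name, round(score(TEMPLATE, ev), 2), login(True, TEMPLATE, ev))
```

The `INJURED` case is the owner typing 40% slower: the correct password is rejected, so a deployment needs a fallback factor and periodic re-enrolment.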
- NX910a, on 10/12/2007, -5/+3: Upper case letters, lower case letters, and numbers seem good enough; extra security should not be necessary if you are careful and know what you are doing.
Let's say your password is ten alphanumeric characters long. There are 24 upper case letters, and 24 lower case letters, along with nine numerals.
That makes 24 + 24 + 9 = 55 possibilities for each character. Ten characters = 55^10 = about 2.53 x 10^17, or 253,000,000,000,000,000 different possibilities.
Now, let's pretend I am a hacker. Every minute, I make 30 attempts (.5 attempts per second), using a random string of ten characters, which amounts to 43,200 attempts each day. 2.53 x 10^17 / 43,200 = 5.85 x 10^12 days, or about 16,000,000,000 years. In other words, you would have to wait an amount of several times greater than the age of the known universe in order to be certain to crack the password.
Even if you used 24 random lower case letters only (which is not even recommended), that's 24^10 possibilities, or 6.34 x 10^13. At 30 attempts/min, it would still take about 4,000,000 years to be certain to crack it.
Don't feel too comfortable now, though, I can crack your two-character lower-case only password in about 19.2 minutes. (: Also, remember not to use character strings that appear in a dictionary
- cankillar, on 10/12/2007, -4/+1: Or just use a password in a different language. >:)
- GawtMilk, on 10/12/2007, -0/+1:
1) You don't know if it's upper-case only, lower-case only or a mix of both
2) You don't know if it contains special characters
3) Strings in a dictionary or not, you can have leet speak
4) If I want to use the phrase "rainraingoawaycomebackanotherday", it still contains strings from a dictionary and all lower-case, but it's going to take you a helluva long time to use your lame script-kiddy password cracker. I could ***** you over by changing it to "RainRainGoAwayComeBackAnotherDay".
- rompom7, on 10/12/2007, -0/+5: NX910a: "Every minute, I make 30 attempts (.5 attempts per second)"
If you get a hold of the hash of the password (not hard in most cases), you can make thousands of attempts per second.
This system would be good for highly secure logins... Like banks, etc. But doesn't seem to have a practical everyday use.
- dtd00d, on 10/12/2007, -0/+1: HELMET All right, give to me.
ROLAND The combination is (hesitates) one (one! one!)... two (two! two!)... three (three! three!)... four (four! four!)... five (five! five!).
Dark Helmet: So the combination is one, two, three, four, five. (lifts mask) That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!
. . .
Skroob: Great. Now we can take every last breath of fresh air from planet Druidia. What's the combination?
Colonel Sandurz: One, two, three, four, five.
Skroob: One, two, three, four, five? That's amazing. I've got the same combination on my luggage!
/comment abuse
- jakebouma, on 10/12/2007, -0/+9: It's only a matter of time until someone realizes that I type my passwords to the rhythm of "Holla Back Girl"...
- cyclonesworld, on 10/12/2007, -0/+3: I was trying to type this reply to that rhythm and it's actually pretty hard. Thinking about the rhythm I started typing out the lyrics. Maybe it's cause I've gots no rhythm? :(
- dtd00d, on 10/12/2007, -0/+1: So are you never gonna dance again?
- micahman, on 10/12/2007, -1/+4: What if you don't got no rhythm?
- and1, on 10/12/2007, -0/+3: I wonder how many diggers have 'digg' as their password...
- Agret, on 10/12/2007, -0/+1: You can be sure it's less than the number of diggers that have 'password' as their password, 'digg' is too hard to remember!
- mushy99, on 10/12/2007, -0/+1: Actually, as a hacker myself, I have made and collected a few programs which exploit the rhythm used to break passwords on a sniffed network. The problem is that many of the rhythms are predictable to such an extent that you can get 80% of the letters typed by analyzing the gaps between key presses. This obviously only works on protocols which send the packet after each key press.
- Xorsist, on 10/12/2007, -0/+1: What if you break your arm or something, and your "rhythm" is affected.
- mushy99, on 10/12/2007, -0/+1: Or your neck and you have no rhythm?