Some questions

David SMITH dave.smith at st.com
Fri Aug 8 17:44:35 CEST 2008


On Fri, Aug 08, 2008 at 05:12:49PM +0200, Alexander W. Janssen wrote:
> Don't tell me there are actually real attacks by recording the sound of
> the keyboard...?! What does that mean, every key clicks differently?

Sounds like an interesting student project... :-)

Some keys certainly sound different; the space bar for one.  Shift, Enter
and Backspace all have distinctive sounds, especially as Shift is
depressed before pressing another key, and then released.  If a user is
using a passphrase made up of space-separated words, then knowing where
the spaces are reduces the search space considerably, as does knowing
when the shift key is pressed.

If the attacker is able to get two microphones set up in useful locations,
they might even be able to analyze the stereoscopic differences between
the two recordings to gain some idea of which area of the keyboard each
keypress is made.  Even if it's only "left half" or "right half", that
divides the search space by 2^number_of_keypresses.

The technique doesn't have to be absolutely perfect; just good enough to
reduce the search space down to something that can realistically be
brute-forced.

Like I said, interesting project... :-)

-- 
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk



More information about the Gnupg-users mailing list