Some questions

reynt0 reynt0 at cs.albany.edu
Mon Aug 11 04:46:00 CEST 2008


On Fri, 8 Aug 2008, Alexander W. Janssen wrote:
  . . .
> Werner Koch wrote:
>> Further,
>> entering the passphrase is subject to side channel attacks like shoulder
>> surfing or recording the sound of the keyboard.
>
> Don't tell me there are actually real attacks by recording the sound of
> the keyboard...?! What does that mean, every key clicks differently?
  . . .

That's the idea as stated in reports I have read.  Keep
in mind that waveform (sound or light) analysis is *very*
advanced, and not grossly expensive, these days.  I don't
recall at this time whether a baseline of each key's sound
has also to be recorded as known sound signature, but I'd
guess some tactic(s) could be devised soon enough to work
around that.

Sound analysis reportedly can also be used to identify
individual keyboard users, by rate and intensity patterns
of typing.  And, alternatively, I've read rate of succession
of keystrokes can be a clue to how close they are to each
other on the keyboard (or maybe at least how sequentially
accessible they are given some user's hand size and skill).
IIRC, this was said to be usable to simplify trying to read
an encrypted stream assumed to consist of keystrokes, by
considering the pace of character succession.

So two-fingered simpleton typing, or carpal tunnel syndrome
typing, may be a protection :-) .  And I guess, type at
least your passwords, etc, in a way strange for you and for
your keyboard.



