From: Roelof Osinga
Date: Wed, 20 Mar 2002 04:07:27 +0100
To: Matt Piechota
Cc: Richard Ward, Chris Johnson, security@FreeBSD.ORG
Subject: Re: Safe SSH logins from public, untrusted Windows computers

Matt Piechota wrote:
> On Tue, 19 Mar 2002, Roelof Osinga wrote:
>
>> ...
>
> The only problem I see is keyboards being different.  I personally type
> much quicker on IBM101 (the old-school ones) than my laptop.
>

Maybe, maybe not. I'm thinking cadence here. Like an autograph will still
be personal because of pressure and relative acceleration and stuff (yep,
did not really pay attention that time :), so could typing be thanks to
one's rhythm. Too bad keyboards don't come with (gradient) pressure-sensitive
keys ;). Yet.

Still... if it ain't got that (i.e. your) swing, it don't mean a thing!

The absolute speed might differ wildly, but would the same hold for the
relative interkey speed patterns? As long as we're not talking Dvorak,
German, French or whatever key layouts, one's typing rhythm should be more
or less equal. Just sped up or slowed down a bit, is all.

But if it is feasible then all passwords, or rather usernames as first
line of defence, could be one-pass. Just select a random sentence out
of some suitable volume and ask for it to be typed in.

Roelof

-- 
_______________________________________________________________________
eBOA                                                          est. 1982
http://eBOA.com/                                    tel. +31-58-2123014
mailto:info@eBOA.com?subject=Information_request    fax. +31-58-2160293
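
The relative inter-key timing idea from the message above, as an added example that is not part of the original post: each gap between key presses is expressed as a fraction of the total typing time, so a uniformly faster or slower keyboard does not change the profile. The function names, the sample timings and the 0.05 threshold are all constructed for illustration, and both samples are assumed to be the same phrase.

```python
from math import sqrt

def rhythm(press_times_ms):
    """Key-press timestamps -> gaps as fractions of total time (tempo-free)."""
    gaps = [b - a for a, b in zip(press_times_ms, press_times_ms[1:])]
    total = sum(gaps)
    if len(gaps) < 2 or total <= 0 or any(g < 0 for g in gaps):
        raise ValueError("need at least three non-decreasing timestamps")
    return [g / total for g in gaps]

def distance(sample_a, sample_b):
    """Euclidean distance between the rhythms of two typings of one phrase."""
    ra, rb = rhythm(sample_a), rhythm(sample_b)
    if len(ra) != len(rb):
        raise ValueError("samples must cover the same number of keystrokes")
    return sqrt(sum((x - y) ** 2 for x, y in zip(ra, rb)))

def same_typist(enrolled, attempt, threshold=0.05):
    """Accept when the rhythms differ by no more than the assumed threshold."""
    return distance(enrolled, attempt) <= threshold

# Constructed press times in milliseconds for a seven-keystroke phrase.
ENROLLED      = [0, 120, 210, 400, 480, 650, 730]   # usual keyboard
SLOW_KEYBOARD = [0, 172, 295, 566, 676, 917, 1030]  # same rhythm, ~1.4x slower
OTHER_TYPIST  = [0, 120, 245, 363, 485, 610, 730]   # same total time, even rhythm

if __name__ == "__main__":
    for name, attempt in [("slow keyboard", SLOW_KEYBOARD),
                          ("other typist", OTHER_TYPIST)]:
        print(f"{name}: distance={distance(ENROLLED, attempt):.4f} "
              f"accepted={same_typist(ENROLLED, attempt)}")
```

The slower sample is accepted although every absolute gap differs, while the sample with the identical total time but a different rhythm is rejected.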