thedookmaster | 2 years ago

I don't use the QWERTY layout; I use Colemak. Likely this mitigates this for myself.

bqmjjx0kac|2 years ago

This is just security through obscurity. For real security, you need a cryptographically rolling keyboard layout.

raffraffraff|2 years ago

My sister-in-law uses voice recognition and dictation software, so she doesn't even use a keyboard! Totally safe!

usrusr|2 years ago

Whereas for practical security, having some common substring in all your passwords that you don't type but insert through some global hotkey would be just fine as a mitigation against eavesdrop attacks.

Yes, that's also obscurity, but obscurity is actually good - it only got a (deservedly) bad reputation from when it gets used as a substitute (but I fail to see how using a nonstandard keyboard layout would even count as obscurity in the context of an audio attack, as the clear text reference would surely go through the same layout?)

glitchc|2 years ago

Brilliant suggestion. Have a TRNG or a CSPRNG (if too poor for a TRNG) choose the next layout at random for you, ideally with every keystroke. Good luck cracking that!

kmeisthax|2 years ago

...wait, are you telling me Konami shuffling the touch input for e-Amusement PINs[0] was a good idea!?

[0] Okay... deep breath

Konami is a pachinko manufacturer with a side hustle making rhythm games for Japanese arcades. They have an online service that all their games connect to called e-Amusement. You can log into it using an e-Amusement Pass card, and your card is locked to a PIN number you have to set up when you first use it. Cabinets with touchscreens give you a touch keypad, except all the digits are shuffled around, which is a total pain in the ass and you have to do this for every credit.

xpe|2 years ago

Indeed. Let me add that how your fingers come into contact with the keys is probably just as important. I recommend a cryptographically rolling choice of dustballs, crumbs, and boogers.

raincole|2 years ago

Why not just a keyboard that produces random noise?

dns_snek|2 years ago

I'm pretty confident that statistical analysis would give away your layout (assuming there's enough data). I wouldn't be so sure.

6510|2 years ago

Stealing your layout.

schaefer|2 years ago

At least it would have, until just now, when you recklessly disclosed your secret keyboard layout. :P

insanitybit|2 years ago

That's the equivalent of a shift cipher with a well-known offset.

bunga-bunga|2 years ago

This specific attack could also be easily mitigated by dictating your passwords instead.

wildrhythms|2 years ago

Couldn't they just translate the detected keystrokes to Colemak layout?

dragonmost|2 years ago

Yes, but you would have to know or try all possible layouts.

xxs|2 years ago

This is a targeted attack, it won't do much at all.
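An added example, not part of any comment in this thread, for anyone weighing an alternative layout as a mitigation: it shows that once a recording is resolved to physical key positions, the layout is a fixed public substitution that letter frequencies identify, as the replies about statistical analysis and trying layouts suggest. It assumes perfect key-position recovery and a 30-key letter block; the frequency table is approximate and the sample sentence is constructed.

```python
import math

# Letters at the same 30 physical key positions (three rows of ten), per layout.
LAYOUTS = {
    "qwerty":  "qwertyuiopasdfghjkl;zxcvbnm,./",
    "colemak": "qwfpgjluy;arstdhneiozxcvbkm,./",
    "dvorak":  "',.pyfgcrlaoeuidhtns;qjkxbmwvz",
}

# Approximate English letter frequencies in percent (rounded, illustrative).
ENGLISH = dict(e=12.7, t=9.1, a=8.2, o=7.5, i=7.0, n=6.7, s=6.3, h=6.1,
               r=6.0, d=4.3, l=4.0, c=2.8, u=2.8, m=2.4, w=2.4, f=2.2,
               g=2.0, y=2.0, p=1.9, b=1.5, v=1.0, k=0.8, j=0.15, x=0.15,
               q=0.1, z=0.07)
FLOOR = 0.05  # assumed weight for punctuation keys
SPACE = -1    # the space bar sits in the same place on every layout

def keys_pressed(text, layout):
    """Physical key positions a typist hits; this is what a recording reveals."""
    row = LAYOUTS[layout]
    return [SPACE if ch == " " else row.index(ch) for ch in text]

def decode(positions, layout):
    """Read the same key positions back through a candidate layout."""
    row = LAYOUTS[layout]
    return "".join(" " if p == SPACE else row[p] for p in positions)

def score(positions, layout):
    """Log-likelihood of the decoded letters under English letter frequencies."""
    return sum(math.log(ENGLISH.get(ch, FLOOR))
               for ch in decode(positions, layout) if ch != " ")

def identify_layout(positions):
    """Pick the candidate layout whose decoding looks most like English."""
    return max(LAYOUTS, key=lambda name: score(positions, name))

# Constructed sample sentence, typed by a hypothetical Colemak user.
SAMPLE = ("the attacker only needs to test a handful of common layouts "
          "against the recovered key positions")

if __name__ == "__main__":
    pressed = keys_pressed(SAMPLE, "colemak")
    best = identify_layout(pressed)
    print(best, "->", decode(pressed, best))
```

Because the mapping is fixed per user, a published layout contributes no secret to a password typed on it; the entropy still has to come from the password itself.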