Freak_NL 15 hours ago

Yes… We're in the same room as the target… Let's look at their screen and see how long their password is.

Or, we could just look at the keyboard as they type and gain a lot more information.

In an absolute sense not showing anything is safer. But it never really matters and just acts as a paper cut for all.

darkwater 14 hours ago | parent | next [-]

And just sticking to counting, a not exceptionally well-trained ear could already count how many letters you typed and if you pressed backspace (at least with the double-width backspace, sound is definitely different)

elcritch 13 hours ago | parent [-]

Yeah I recall that there was an attack researchers demonstrated years back of using recordings of typing with an AI model to predict the typed text with some accuracy. Something to do with the timings of letter pairings, among other things.

vova_hn2 5 hours ago | parent [-]

93% - 95% accuracy and it wasn't even a good quality recording

> When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model. When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium.

https://arxiv.org/abs/2308.01074

3eb7988a1663 4 hours ago | parent [-]

Notably, I believe this has to be tuned to each specific environment. The acoustics of your keyboard are going to be different from mine. Which is not much of a barrier, given a long enough session where you can presumably record them typing non password-y things.
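
The "timings of letter pairings" idea raised in this subthread, as an added illustration that is not part of the thread or of the cited paper (which classifies audio, not timing): an observer who captures only the inter-keystroke delays can score candidate passwords against a per-digraph latency model. Everything here is constructed: the digraph means and standard deviations, the observed gaps and the candidate list are invented numbers, and the model would in practice have to be fitted to the target's own typing, which is the per-environment tuning the comment above describes.

```python
"""Toy inter-keystroke timing inference (constructed example).

Given only the delays between key presses, rank candidate passwords by
how well each one's letter pairs explain those delays.  The latencies
below are made up for illustration, not measured from anyone.
"""
import math
import random

# Constructed digraph latency model: (mean_ms, std_ms) between key-down
# events of adjacent characters.  A real attacker fits these from
# recordings of the victim typing non-secret text.
DIGRAPH_MODEL = {
    ("p", "a"): (140.0, 20.0),
    ("a", "s"): (90.0, 15.0),
    ("s", "s"): (210.0, 30.0),  # same finger twice: noticeably slower
    ("s", "w"): (160.0, 25.0),
    ("w", "o"): (120.0, 20.0),
    ("o", "r"): (110.0, 18.0),
    ("r", "d"): (130.0, 20.0),
    ("h", "u"): (150.0, 22.0),
    ("u", "n"): (125.0, 20.0),
    ("n", "t"): (135.0, 20.0),
    ("t", "e"): (100.0, 16.0),
    ("e", "r"): (95.0, 15.0),
}
UNMODELLED = (150.0, 40.0)  # wide fallback for pairs never observed


def digraphs(text):
    """Adjacent character pairs of `text`, in typing order."""
    return list(zip(text, text[1:]))


def gap_log_likelihood(gap_ms, digraph):
    """Gaussian log-density of one observed gap under one digraph."""
    mean, std = DIGRAPH_MODEL.get(digraph, UNMODELLED)
    z = (gap_ms - mean) / std
    return -math.log(std * math.sqrt(2 * math.pi)) - 0.5 * z * z


def score_candidate(observed_gaps, candidate):
    """Log-likelihood of the observed gaps if `candidate` was typed.

    The keystroke count is also observable, so a candidate of the wrong
    length is ruled out outright.
    """
    pairs = digraphs(candidate)
    if len(pairs) != len(observed_gaps):
        return float("-inf")
    return sum(gap_log_likelihood(g, d) for g, d in zip(observed_gaps, pairs))


def rank_candidates(observed_gaps, candidates):
    """Candidates sorted from most to least plausible."""
    scored = [(c, score_candidate(observed_gaps, c)) for c in candidates]
    return sorted(scored, key=lambda cs: cs[1], reverse=True)


def simulate_gaps(secret, seed=0):
    """Constructed 'recording': sample gaps from the model for `secret`."""
    rng = random.Random(seed)
    return [rng.gauss(*DIGRAPH_MODEL.get(d, UNMODELLED)) for d in digraphs(secret)]


# Constructed observation: seven gaps, so the secret has eight characters.
OBSERVED_GAPS = [142.0, 88.0, 205.0, 163.0, 118.0, 112.0, 128.0]
CANDIDATES = ["password", "passw0rd", "hunter42", "hunter4", "pass word"]

if __name__ == "__main__":
    for cand, ll in rank_candidates(OBSERVED_GAPS, CANDIDATES):
        print(f"{cand:10s} {ll:8.2f}")
```

Run as-is, the ranking puts `password` first and `passw0rd` second, with the two wrong-length candidates excluded before any timing is consulted. Swapping in a model fitted to a different keyboard or typist would reorder the middle of the list, which is the point about per-target tuning.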

SapporoChris 13 hours ago | parent | prev [-]

"Let's look at their screen and see how long their password is." This article is about silent sudo.

Have you ever watched a fast touch typist, someone that does over 100 words per minute? Someone who might be using a keyboard layout that you're not familiar with? When the full password is entered in less than a second it can be very difficult to discern what they typed unless you're actually recording with video.

But sure, if you're watching someone who types with one finger. Yes, I can see that.

Freak_NL 13 hours ago | parent [-]

How is learning only the length of the password better than watching someone type it?

Besides, observe that several times and you might get close. Look at the stars several times and learn nothing beyond what you learned the first time.

This whole type of attack hinges on the user using weak passwords with predictable elements in any case.