How to set the passphrase that different keys are discriminable

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0















Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift key instead of the right one) is chosen?



Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?










share|improve this question


























    0















    Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift key instead of the right one) is chosen?



    Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?










    share|improve this question
























      0












      0








      0








      Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift key instead of the right one) is chosen?



      Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?










      share|improve this question














      Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift key instead of the right one) is chosen?



      Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?







      security password






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 24 at 21:23









      NepumukNepumuk

      9612




      9612




















          3 Answers
          3






          active

          oldest

          votes


















          2














          DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.



          That said, it's technically possible to distinguish Left/Right shift keys, as xev easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.



          Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...



          So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.



          So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?




          In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.



          Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.






          share|improve this answer






























            2














            No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a is distinct from an A, but there is no way to distinguish an A created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A has been input, an A is an A is an A.






            share|improve this answer























            • Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

              – Nepumuk
              Jan 24 at 21:42











            • Shift was only one example...

              – Nepumuk
              Jan 24 at 21:44












            • The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

              – DopeGhoti
              Jan 24 at 21:54











            • E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

              – Nepumuk
              Feb 6 at 20:54






            • 1





              Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

              – DopeGhoti
              Feb 6 at 21:58


















            2














            Not for passphrase, as it is just a sequence of bytes.



            As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.



            You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
            This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.



            Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).






            share|improve this answer






















              Your Answer








              StackExchange.ready(function()
              var channelOptions =
              tags: "".split(" "),
              id: "106"
              ;
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function()
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled)
              StackExchange.using("snippets", function()
              createEditor();
              );

              else
              createEditor();

              );

              function createEditor()
              StackExchange.prepareEditor(
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader:
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              ,
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              );



              );













              draft saved

              draft discarded


















              StackExchange.ready(
              function ()
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f496555%2fhow-to-set-the-passphrase-that-different-keys-are-discriminable%23new-answer', 'question_page');

              );

              Post as a guest















              Required, but never shown

























              3 Answers
              3






              active

              oldest

              votes








              3 Answers
              3






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              2














              DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.



              That said, it's technically possible to distinguish Left/Right shift keys, as xev easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.



              Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...



              So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.



              So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?




              In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.



              Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.






              share|improve this answer



























                2














                DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.



                That said, it's technically possible to distinguish Left/Right shift keys, as xev easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.



                Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...



                So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.



                So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?




                In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.



                Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.






                share|improve this answer

























                  2












                  2








                  2







                  DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.



                  That said, it's technically possible to distinguish Left/Right shift keys, as xev easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.



                  Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...



                  So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.



                  So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?




                  In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.



                  Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.






                  share|improve this answer













                  DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.



                  That said, it's technically possible to distinguish Left/Right shift keys, as xev easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.



                  Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...



                  So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.



                  So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?




                  In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.



                  Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 24 at 22:38









                  frostschutzfrostschutz

                  26.9k15584




                  26.9k15584























                      2














                      No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a is distinct from an A, but there is no way to distinguish an A created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A has been input, an A is an A is an A.






                      share|improve this answer























                      • Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

                        – Nepumuk
                        Jan 24 at 21:42











                      • Shift was only one example...

                        – Nepumuk
                        Jan 24 at 21:44












                      • The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

                        – DopeGhoti
                        Jan 24 at 21:54











                      • E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

                        – Nepumuk
                        Feb 6 at 20:54






                      • 1





                        Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

                        – DopeGhoti
                        Feb 6 at 21:58















                      2














                      No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a is distinct from an A, but there is no way to distinguish an A created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A has been input, an A is an A is an A.






                      share|improve this answer























                      • Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

                        – Nepumuk
                        Jan 24 at 21:42











                      • Shift was only one example...

                        – Nepumuk
                        Jan 24 at 21:44












                      • The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

                        – DopeGhoti
                        Jan 24 at 21:54











                      • E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

                        – Nepumuk
                        Feb 6 at 20:54






                      • 1





                        Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

                        – DopeGhoti
                        Feb 6 at 21:58













                      2












                      2








                      2







                      No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a is distinct from an A, but there is no way to distinguish an A created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A has been input, an A is an A is an A.






                      share|improve this answer













                      No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a is distinct from an A, but there is no way to distinguish an A created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A has been input, an A is an A is an A.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Jan 24 at 21:29









                      DopeGhotiDopeGhoti

                      45.5k55988




                      45.5k55988












                      • Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

                        – Nepumuk
                        Jan 24 at 21:42











                      • Shift was only one example...

                        – Nepumuk
                        Jan 24 at 21:44












                      • The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

                        – DopeGhoti
                        Jan 24 at 21:54











                      • E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

                        – Nepumuk
                        Feb 6 at 20:54






                      • 1





                        Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

                        – DopeGhoti
                        Feb 6 at 21:58

















                      • Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

                        – Nepumuk
                        Jan 24 at 21:42











                      • Shift was only one example...

                        – Nepumuk
                        Jan 24 at 21:44












                      • The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

                        – DopeGhoti
                        Jan 24 at 21:54











                      • E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

                        – Nepumuk
                        Feb 6 at 20:54






                      • 1





                        Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

                        – DopeGhoti
                        Feb 6 at 21:58
















                      Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

                      – Nepumuk
                      Jan 24 at 21:42





                      Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,) and - as far as I know - mostly the MS Win keys.

                      – Nepumuk
                      Jan 24 at 21:42













                      Shift was only one example...

                      – Nepumuk
                      Jan 24 at 21:44






                      Shift was only one example...

                      – Nepumuk
                      Jan 24 at 21:44














                      The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

                      – DopeGhoti
                      Jan 24 at 21:54





                      The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a * that had been entered with Shift+8 from one entered with the numeric keypad.

                      – DopeGhoti
                      Jan 24 at 21:54













                      E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

                      – Nepumuk
                      Feb 6 at 20:54





                      E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...

                      – Nepumuk
                      Feb 6 at 20:54




                      1




                      1





                      Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

                      – DopeGhoti
                      Feb 6 at 21:58





                      Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.

                      – DopeGhoti
                      Feb 6 at 21:58











                      2














                      Not for passphrase, as it is just a sequence of bytes.



                      As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.



                      You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
                      This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.



                      Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).






                      share|improve this answer



























                        2














                        Not for passphrase, as it is just a sequence of bytes.



                        As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.



                        You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
                        This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.



                        Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).






                        share|improve this answer

























                          2












                          2








                          2







                          Not for passphrase, as it is just a sequence of bytes.



                          As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.



                          You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
                          This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.



                          Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).






                          share|improve this answer













                          Not for passphrase, as it is just a sequence of bytes.



                          As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.



                          You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
                          This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.



                          Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Jan 24 at 22:35









                          ctrl-alt-delorctrl-alt-delor

                          11.3k42058




                          11.3k42058



























                              draft saved

                              draft discarded
















































                              Thanks for contributing an answer to Unix & Linux Stack Exchange!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid


                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.

                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f496555%2fhow-to-set-the-passphrase-that-different-keys-are-discriminable%23new-answer', 'question_page');

                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown






                              Popular posts from this blog

                              How to check contact read email or not when send email to Individual?

                              Displaying single band from multi-band raster using QGIS

                              How many registers does an x86_64 CPU actually have?