How to set the passphrase that different keys are discriminable
Clash Royale CLAN TAG#URR8PPP
Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift
key instead of the right one) is chosen?
Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?
security password
add a comment |
Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift
key instead of the right one) is chosen?
Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?
security password
add a comment |
Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift
key instead of the right one) is chosen?
Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?
security password
Can I change my phassword/-phrase('s settings) in a way that it's important which key of multpile ones (e. g. the left shift
key instead of the right one) is chosen?
Could I go a step further and ask for a specific order of keystrokes and their combinations even if the result isn't visible if typed the passphrase in a(ny) text program (e. g. deleting text during input)?
security password
security password
asked Jan 24 at 21:23
NepumukNepumuk
9612
9612
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.
That said, it's technically possible to distinguish Left/Right shift keys, as xev
easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.
Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...
So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.
So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?
In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.
Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.
add a comment |
No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a
is distinct from an A
, but there is no way to distinguish an A
created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A
has been input, an A
is an A
is an A
.
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,
) and - as far as I know - mostly theMS Win
keys.
– Nepumuk
Jan 24 at 21:42
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a*
that had been entered with Shift+8 from one entered with the numeric keypad.
– DopeGhoti
Jan 24 at 21:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
1
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
add a comment |
Not for passphrase, as it is just a sequence of bytes.
As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.
You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.
Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f496555%2fhow-to-set-the-passphrase-that-different-keys-are-discriminable%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.
That said, it's technically possible to distinguish Left/Right shift keys, as xev
easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.
Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...
So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.
So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?
In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.
Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.
add a comment |
DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.
That said, it's technically possible to distinguish Left/Right shift keys, as xev
easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.
Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...
So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.
So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?
In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.
Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.
add a comment |
DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.
That said, it's technically possible to distinguish Left/Right shift keys, as xev
easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.
Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...
So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.
So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?
In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.
Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.
DopeGhoti's answer (No!) is the correct one, as long as we're talking standard software, which means reading the passphrase as a single line of text which you can type any way you want (and even correct typos), until you hit Enter.
That said, it's technically possible to distinguish Left/Right shift keys, as xev
easily demonstrates. So as long as the keyboard itself sends different keycodes depending on which key was pressed, you could work with it - if you go to the trouble of creating your own wrapper that reads individual keystrokes instead of text.
Going further, you could even add things like having to enter the passphrase in a specific rhythm, or whatever. Kind of like cheatcodes some old games used to have. You could even use a real game controller to input those...
So (Yes!) almost anything is possible, but you'd have to develop a program that provides such functionality, and make it turn your desired input into a textual representation or hash, which can then be used as the passphrase. And the problem then is to make it such that the user has a realistic chance of re-producing the same representation/hash repeatedly.
So if you do decide to turn your passphrase input into a rhythm game, it should allow some generous leeway. With a regular keyboard pressing shift twice (without typing a letter) is no harm done, how would your software deal with such misinputs?
In any case, with effort, it's possible. The bigger question then, is whether there is any point in doing this. Distinguishing left/right shift key only adds 1 bit of entropy anyway. It doesn't seem very useful.
Passphrase wrappers in general are not unheard of, it's done to support dedicated hardware for example (like integrating a yubikey challenge response). 2-factor authentication, high entropy passphrase, may be worth it.
answered Jan 24 at 22:38
frostschutzfrostschutz
26.9k15584
26.9k15584
add a comment |
add a comment |
No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a
is distinct from an A
, but there is no way to distinguish an A
created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A
has been input, an A
is an A
is an A
.
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,
) and - as far as I know - mostly theMS Win
keys.
– Nepumuk
Jan 24 at 21:42
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a*
that had been entered with Shift+8 from one entered with the numeric keypad.
– DopeGhoti
Jan 24 at 21:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
1
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
add a comment |
No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a
is distinct from an A
, but there is no way to distinguish an A
created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A
has been input, an A
is an A
is an A
.
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,
) and - as far as I know - mostly theMS Win
keys.
– Nepumuk
Jan 24 at 21:42
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a*
that had been entered with Shift+8 from one entered with the numeric keypad.
– DopeGhoti
Jan 24 at 21:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
1
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
add a comment |
No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a
is distinct from an A
, but there is no way to distinguish an A
created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A
has been input, an A
is an A
is an A
.
No. Both Shift keys (presuming that your keyboard has two Shift keys, which is in no ways guaranteed) perform precisely the same operation when inputting text via keyboard input (notwithstanding extravagant ideas like remapping RShift to Compose or somesuch, but then it's not a Shift key any longer). An a
is distinct from an A
, but there is no way to distinguish an A
created by RShift-A from one sent to input by LShift-A, or indeed from one sent by pasting from the clipboard, or entering a Unicode or ASCII code on the Numeric Keypad whilst holding Alt (in some configurations), or any of myriad possible means of sending text input. Once the A
has been input, an A
is an A
is an A
.
answered Jan 24 at 21:29
DopeGhotiDopeGhoti
45.5k55988
45.5k55988
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,
) and - as far as I know - mostly theMS Win
keys.
– Nepumuk
Jan 24 at 21:42
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a*
that had been entered with Shift+8 from one entered with the numeric keypad.
– DopeGhoti
Jan 24 at 21:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
1
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
add a comment |
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (+-*/,
) and - as far as I know - mostly theMS Win
keys.
– Nepumuk
Jan 24 at 21:42
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a*
that had been entered with Shift+8 from one entered with the numeric keypad.
– DopeGhoti
Jan 24 at 21:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
1
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (
+-*/,
) and - as far as I know - mostly the MS Win
keys.– Nepumuk
Jan 24 at 21:42
Some packages (or websites sometimes) take the numbers from a number block differently than from the "number line" between the <kbd>F1</kbd> to <kbd>F12</kbd> row or the <kbd>PageUp</kbd>/<kbd>PageDown</kbd>/<kbd>Pos1</kbd>/<kbd>End</kbd> and the arrow keys from number block and from their counterpart keys. There's also <kbd>Return</kbd> and <kbd>Enter</kbd>(, which somehow could also make a difference, for their stroke signals that the phrase is to pass then)... Considering all keys, there are also <kbd>Ctrl</kbd>, the calc signs (
+-*/,
) and - as far as I know - mostly the MS Win
keys.– Nepumuk
Jan 24 at 21:42
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
Shift was only one example...
– Nepumuk
Jan 24 at 21:44
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a
*
that had been entered with Shift+8 from one entered with the numeric keypad.– DopeGhoti
Jan 24 at 21:54
The point is that one a character is input, there is no way to distinguish by what means it had been input. There is no way to distinguish a
*
that had been entered with Shift+8 from one entered with the numeric keypad.– DopeGhoti
Jan 24 at 21:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
E. g. VirtualBox's default host key is the right Ctrl key. The left one doesn't manage to exit the vm...
– Nepumuk
Feb 6 at 20:54
1
1
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
Reading hardware scancodes is different from comparing data which have been input. There is no "Ctrl" character, much less a "LCtrl" or "RCtrl" character to compare.
– DopeGhoti
Feb 6 at 21:58
add a comment |
Not for passphrase, as it is just a sequence of bytes.
As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.
You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.
Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).
add a comment |
Not for passphrase, as it is just a sequence of bytes.
As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.
You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.
Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).
add a comment |
Not for passphrase, as it is just a sequence of bytes.
As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.
You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.
Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).
Not for passphrase, as it is just a sequence of bytes.
As for password, then if you re-write the password authentication system (or just add a module). However you may break some stuff (e.g. sudo, and other stuff that nether you or I consider). The computer can read key-codes, and measure timing, but the standard password system, only stores a test-string. It could be adapted, but see the next paragraph.
You are considering violating the first rule of security: “A security device must be hard for an attacker, and easy for a legitimate user.”
This seem to make it hard for a legitimate user, and add very little difficulty for an attacker.
Having said that, it could be a good exerciser, even if practically, it reduces security. A friend once wrote a login system that just measured how quickly he could press space (years later, I realised that this was a bio-metric system).
answered Jan 24 at 22:35
ctrl-alt-delorctrl-alt-delor
11.3k42058
11.3k42058
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f496555%2fhow-to-set-the-passphrase-that-different-keys-are-discriminable%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown