Comment by glitchc
2 years ago
Brilliant suggestion. Have a TRNG or a CSPRNG (if too poor for a TRNG) choose the next layout at random for you, ideally with every keystroke. Good luck cracking that!
Some places use touchscreen keypads for PIN entry exactly for this reason: to allow randomization, e.g. for opening a locked door, or for authorizing a transaction.
That is interesting.
I’m sure it depends on the application to some extent. I can type my PIN in without looking at all, so I can cover it up while doing it. If I had to hunt and peck, it’d be easier for an onlooker to observe my slower motions, I think.
But if I used the same machine often enough to produce wear specific to me, this randomization would be really useful.
I use a randomized PIN pad on my phone, and I've gotten quite used to it. I can enter my PIN almost as fast as I could on an unscrambled pad; it's definitely not hunting and pecking.
Do they randomize the key locations though?
Otherwise, you leave behind grease where your fingers touched.
Yes, the layout is randomized every time you use it.
Could be done by using a device with a display - e.g. an "ereader" - to present a random keyboard layout. But, good luck being efficient typing on that. At that point, better use a different input model.
Or, use techniques such as those in the article, such as random keypresses played during the actual ones.
Some banks went through a phase of this - website would present an on screen keyboard for the password field with a randomized layout.
I'm sure customer frustration was huge.
Even using Vim or Emacs would add some obufsCTRL[dbiobfuscation from all the spurious keystrokes.
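
The randomized PIN pad discussed in this thread, as an added example that is not part of any comment: it draws each layout from the OS CSPRNG and compares which screen positions collect touches (grease or wear) over repeated entries of the same PIN on a fixed versus a per-use randomized pad. The function names, the 10-position pad model and the sample PIN are assumptions made for illustration.

```python
import secrets
from collections import Counter

# OS-backed CSPRNG; the default `random` module generator is predictable.
_rng = secrets.SystemRandom()

# Conventional pad: index = screen position (0-9), value = digit shown there.
FIXED_LAYOUT = list("1234567890")


def new_layout():
    """Return a fresh layout: a CSPRNG-driven shuffle of the ten digits."""
    digits = list("0123456789")
    _rng.shuffle(digits)
    return digits


def positions_for(pin, layout):
    """Screen positions the user touches to enter `pin` on `layout`."""
    return [layout.index(d) for d in pin]


def decode(positions, layout):
    """Device side: map touched positions back to the digits shown there."""
    return "".join(layout[p] for p in positions)


def smudge_map(pin, sessions, randomize):
    """Count touches per screen position over many entries of one PIN."""
    touches = Counter()
    for _ in range(sessions):
        layout = new_layout() if randomize else FIXED_LAYOUT
        touches.update(positions_for(pin, layout))
    return touches


if __name__ == "__main__":
    pin = "2580"  # constructed sample PIN
    # Fixed pad: only the PIN's four positions ever get touched.
    print("fixed :", sorted(smudge_map(pin, 500, False).items()))
    # Randomized pad: touches spread over all ten positions.
    print("random:", sorted(smudge_map(pin, 500, True).items()))
```

On the fixed pad the touch counts single out exactly the PIN's digits; with a new layout on every use, the residue is spread across the whole pad and no longer identifies them.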