<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, May 1, 2016 at 11:12 AM, Grant Schultz <span dir="ltr"><<a href="mailto:gschultz@kc.rr.com" target="_blank">gschultz@kc.rr.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><br>
Subject: [Cryptography] More speculation on cryptographic breakthroughs.<br>
ON 4/30, Ray Dillinger <<a href="mailto:bear@sonic.net" target="_blank">bear@sonic.net</a>> wrote<br>
<br>
>The "major crypto breakthrough" that we keep hearing about, may<br>
>be just a giant database of audio recordings of people typing<br>
>passwords.<br>
<br>
Few question for thought:<br>
<br>
- With most cell phones in pockets, is the audio quality good enough for this kind of attack?<br></blockquote><div><br></div><div>Yes... but training the system is a task.<br>The comments that a computer gathering basic driver actions being able to </div><div>identify the specific driver in a short time 9 of 10 and with longer training</div><div>99%...<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
- Would an effective countermeasure be to enter passwords via less audible means, such as touchscreens or mice, and picking out buttons on the screen?<br></blockquote><div><br></div><div>Effective? Anything that breaks with training might be effective.<br>A pocket size keyboard -- plug in and only use for limited actions.</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
- What if we simply press the keys more slowly to where they don't reach their maximum stroke and cause much audible output?<br>
<br>
- I've wondered about the following: If the NSA/FBI/etc. capabilities are as far-reaching as we fear, wouldn't they (FBI in particular) have the ability to conquer organized crime by now? <br></blockquote><div><br></div><div>The deal is that in short order these exploits would be closed or made worthless by </div><div>organized and disorganized crime.</div><div><br></div><div>The FBI may be hobbled by national secrets as much as anyone.<br>Any lead that exits the US becomes the purview of other agencies. <br><br></div><div>The interesting thing is nothing interesting has apparently been found on the iPhone:</div><div><a href="http://www.cbsnews.com/news/source-nothing-significant-found-on-san-bernardino-iphone/">http://www.cbsnews.com/news/source-nothing-significant-found-on-san-bernardino-iphone/</a><br>Now the paranoid might ask: are the secrets on the phone real but to disclose them would</div><div>risk a disclosure of extra legal sanctions on international targets... or hobble those</div><div>sanctions.</div><div><br></div><div>It is foolish to think that any exploit known to any US agency is unknown to</div><div>foreign nationals and criminals. </div><div><br></div><div>Lawmakers need to grock that phones and computers barely qualify</div><div>as trustworthy platforms for banking and other private property "gateways"</div><div>and management tools..<br>Phones unlock cars, homes, bank accounts, manage digital rights to </div><div>books, music, video and other content. Corporate secrets and banks are at risk </div><div>to the tune of amounts equal to many nations total productivity.<br>"Too big to fail" has an additional context the game. "Too big to be hacked."</div><div><br></div><div><br></div><div> </div><div><br></div><div> </div><div><br></div><div><br></div><div><br></div></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>