Sound or Tone as Password/Key???
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Sound or Tone as Password/Key???

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    3

    Sound or Tone as Password/Key???

    Hey all. I was wondering if anyone has seen an encryption program, or any software for that matter, that uses a tone or some sound input as a password or key. Any help would be appreciated.
    Farlander

  2. #2
    This reminds me of the captain crunch whistle hack. Thats where the name 2600 came from, the frequency of the whistle that allowed you to make free calls on payphones.

    As for voice passwords, my dad had a voicemail a while back that had one, he would say his name to enter his voicemail. I was young so i dont remember the name

    Little bit of info here, but they also say that it should exist

    http://www.shouldexist.org/story/2000/7/21/195743/107

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Only problem with this is physical security. Whatever makes the noise/sound/tone can be stolen. Unless its used with a memorized password, fingerprinter or other backup/secondary check, I think it would be about the equivalent of writing your password in BIG letters (with a description of exactly what is being read) and carrying it in a visible place.

    Being in a physical as well as computer security field, I know how often people lose things.

    I have recently seen the COOLEST form of computer security yet however.
    People wear electronic pendants, that display a 8 digit number. This number changes once every minute. the numbers are unique to thier user accounts. To log in they need the password they have in thier head, and have to read, and type that number...
    THAT is pretty damn cool if you ask me.
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  4. #4
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    I agree with the weakness in a tone/voice based password, it all goes along with how easy it was to crack the old tone based pay phones. All someone has to do is record it once and they have all the access they need. Also, with so many methods to actually record you, without you knowing.

    1. All they need to do is hear you say it once and then when your not at your PC, start up a conversation that would contain that word.
    2. Have a Microrecords sitting by your desk
    3. I can go on all day...

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    if you come in to work whistling a happy turn you can wind up locked out?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    my dad had one of these, avenger_jcc- He types in a password on the card, and the card spits out a generated password back. Pretty cool stuff, even if you lose the card you still need the password.

    http://www.rsasecurity.com/products/...are_token.html


    Anyone remember the end of richie rich, where they go into a musical number to open the family vault?

    I knew the fat kid in Richie Rich growing up. Hes the one that breaks the gumball machine.

  7. #7
    Junior Member
    Join Date
    Jun 2003
    Posts
    3
    A person that I know who works at AOL has one of those time changing things that avenger_jcc mentioned. Perhaps that is something that could be integreated with the audio key idea. Have a tone generator that creates a different string and rythm of tones depending on time. Although, it has the same flaw as the time-number key in that if someone steals it, or if you loose it, your out of luck. Maybe a thumbprint scanner should be placed on the number/tone generator to get a number/tone. But then why not just use the thumprint scanner?!

    Also, one idea that I had for the tone, be it effective/secure or not, is to input via a music device, be it MP3, MiniDisc, CD, whatever through the headphone output into the computer "Line In" in which case the tone could be not heard by others. Or if the program that utilizes the tone was say an encryption key instead of a login or such, you could even just loop the output of your computer back into its input and play the tone from the computer. This has flaws of course, unless you use a flash disk or some easily removeable drive so others couldn't find it.
    Farlander

  8. #8
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I believe it doesn't matter what kind of Authencation method is used because if someone wants to get into the computer or device bad enough will always find a way to either copy the tones, voice Etc

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Yes I have encountered sound activated security, basically for access control, not cryptography though.

    Voice pattern recognition..........yep............but all this is 70's to early 80's stuff, twenty to thirty years out of date? and too easily confused/circumvented.

    Key round your neck & password...............a token.................something you know and something you own.......check out RSA and virtual private networking.............only about 5 years old (well to me........sure it has been around longer) just catching on in the non-finance/military/intelligence sectors it would seem?

    I do remember these marvellous devices that we wore round our necks...opened a door as you approached it, and logged your whereabouts on site..............it cost an absolute fortune...........which they had to regurgitate

    People were doing funny dances in front of doors to open them............I saw some of the security guards' films........hell it would have made great TV

    IMHO you will get better security from a flock of geese, and a young gentleman from the 75th Rangers or 2nd Recon, whose girlfriend has just left him..................all he needs is 1000 rounds of purple spot for the M-60/GPMG?......a six pack might help with the watch though?

    cheers

    EDIT: make that two six-packs.........they deserve it
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    I have also heard of authentication mechanisms in development based on the way you type, and also your breath...although I can imagine that after a heavy night of drinking this could easily fail...

    There are also of course the retina scans, many of which can be defeated by a photograph of the correct eyeball.

    Personally, I like my fingerprint reader, it works well and so far no problems.
    Quis custodiet ipsos custodes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides