Hey all. I was wondering if anyone has seen an encryption program, or any software for that matter, that uses a tone or some sound input as a password or key. Any help would be appreciated.
Printable View
Hey all. I was wondering if anyone has seen an encryption program, or any software for that matter, that uses a tone or some sound input as a password or key. Any help would be appreciated.
This reminds me of the captain crunch whistle hack. Thats where the name 2600 came from, the frequency of the whistle that allowed you to make free calls on payphones.
As for voice passwords, my dad had a voicemail a while back that had one, he would say his name to enter his voicemail. I was young so i dont remember the name
Little bit of info here, but they also say that it should exist
http://www.shouldexist.org/story/2000/7/21/195743/107
Only problem with this is physical security. Whatever makes the noise/sound/tone can be stolen. Unless its used with a memorized password, fingerprinter or other backup/secondary check, I think it would be about the equivalent of writing your password in BIG letters (with a description of exactly what is being read) and carrying it in a visible place.
Being in a physical as well as computer security field, I know how often people lose things.
I have recently seen the COOLEST form of computer security yet however.
People wear electronic pendants, that display a 8 digit number. This number changes once every minute. the numbers are unique to thier user accounts. To log in they need the password they have in thier head, and have to read, and type that number...
THAT is pretty damn cool if you ask me.
I agree with the weakness in a tone/voice based password, it all goes along with how easy it was to crack the old tone based pay phones. All someone has to do is record it once and they have all the access they need. Also, with so many methods to actually record you, without you knowing.
1. All they need to do is hear you say it once and then when your not at your PC, start up a conversation that would contain that word.
2. Have a Microrecords sitting by your desk
3. I can go on all day... :)
if you come in to work whistling a happy turn you can wind up locked out?
my dad had one of these, avenger_jcc- He types in a password on the card, and the card spits out a generated password back. Pretty cool stuff, even if you lose the card you still need the password.
http://www.rsasecurity.com/products/...are_token.html
Anyone remember the end of richie rich, where they go into a musical number to open the family vault? :D
I knew the fat kid in Richie Rich growing up. Hes the one that breaks the gumball machine.
A person that I know who works at AOL has one of those time changing things that avenger_jcc mentioned. Perhaps that is something that could be integreated with the audio key idea. Have a tone generator that creates a different string and rythm of tones depending on time. Although, it has the same flaw as the time-number key in that if someone steals it, or if you loose it, your out of luck. Maybe a thumbprint scanner should be placed on the number/tone generator to get a number/tone. But then why not just use the thumprint scanner?!
Also, one idea that I had for the tone, be it effective/secure or not, is to input via a music device, be it MP3, MiniDisc, CD, whatever through the headphone output into the computer "Line In" in which case the tone could be not heard by others. Or if the program that utilizes the tone was say an encryption key instead of a login or such, you could even just loop the output of your computer back into its input and play the tone from the computer. This has flaws of course, unless you use a flash disk or some easily removeable drive so others couldn't find it.
I believe it doesn't matter what kind of Authencation method is used because if someone wants to get into the computer or device bad enough will always find a way to either copy the tones, voice Etc
Yes I have encountered sound activated security, basically for access control, not cryptography though.
Voice pattern recognition..........yep............but all this is 70's to early 80's stuff, twenty to thirty years out of date? and too easily confused/circumvented.
Key round your neck & password...............a token.................something you know and something you own.......check out RSA and virtual private networking.............only about 5 years old (well to me........sure it has been around longer) just catching on in the non-finance/military/intelligence sectors it would seem?
I do remember these marvellous devices that we wore round our necks...opened a door as you approached it, and logged your whereabouts on site..............it cost an absolute fortune...........which they had to regurgitate :chuck:
People were doing funny dances in front of doors to open them............I saw some of the security guards' films........hell it would have made great TV :D
IMHO you will get better security from a flock of geese, and a young gentleman from the 75th Rangers or 2nd Recon, whose girlfriend has just left him..................all he needs is 1000 rounds of purple spot for the M-60/GPMG?......a six pack might help with the watch though?
cheers
EDIT: make that two six-packs.........they deserve it
I have also heard of authentication mechanisms in development based on the way you type, and also your breath...although I can imagine that after a heavy night of drinking this could easily fail...
There are also of course the retina scans, many of which can be defeated by a photograph of the correct eyeball.
Personally, I like my fingerprint reader, it works well and so far no problems.
That is the system Im seeing. old or not, slick as hell...Quote:
Originally posted here by Soda_Popinsky
my dad had one of these, avenger_jcc- He types in a password on the card, and the card spits out a generated password back. Pretty cool stuff, even if you lose the card you still need the password.
http://www.rsasecurity.com/products/...are_token.html
Anyone remember the end of richie rich, where they go into a musical number to open the family vault? :D
I knew the fat kid in Richie Rich growing up. Hes the one that breaks the gumball machine.
there was a speical on security test that the NSA was doing ( I think it was on Descovery) about dual software one used face reconnition and the other used thermographics. To see if it could be bypassed before someone found the person.
Heres a little usb key that requires the key and a password:
http://www.thinkgeek.com/gadgets/security/5cd6/
But the randomly generated key sounds really cool. And I guess the usb one would be kinda pointless in a work environment unless you have usb ports on the front of the computer. this page has a couple of other cool things though: http://www.thinkgeek.com/gadgets/security/
Does anyone know of a way to turn a normal USB flash drive into a security key? I've already got a flash drive and don't want to fork over $130 bucks for a key like they have @ ThinkGeek.
I'm looking for some kind of software or somethin that does it.
But, I've found some cheaper ones in the process. Heres a cool one that lets you make a portion of your hard drive invisible and inaccessible:
http://www.kanguru.com/kanguruwizard.html
oh well these seem pretty common so maybe someone with more experience on the matter can help
Sound based security is funamentally flawed, as we can replecate voice patterns, however combined with retina, fingerprint or DNA you would have an effective security system.
The main down side is the cost of the system, and how the system would recognize legal users, as the compsarisson files would need to be protected by a cryptographic key similar to RSA, combined with IDS and Firewalls etc
Well I amost feel silly for posting this , I do agree with the above post audio secerity is very weak, however just for fun I downloaded this OLD OLD voice harassment called "**** Talker" I found it in the new copy of Wallace Wangs Updated edition of "Steal This Computer Book 3" page 307. As I said it is used just as a voice harassment tool, however it has so many futures ( ex being a free download ) I used it to copy my "Line of Text" command in XP Add on Voice Security Program ( at CNET.COM ) and used it to fool the log in command about half the time I tried it. As I said this maybe be too silly to try,, but being FREE what ya have to lose! Thank You
muert0: try the A-key there still doing free samples I believe..software prevents you using it for more than 6 months.
Sound is used in cryptography sometimes - they use random sound and radio transmissions to generate random numbers, but thats not what you asked about.
Theres quite a few voice recognition things out there, you can pick them up in the amatuer robotics arena for about £30 now i believe, but voice can always be recorded it can be socially engineered out of someone on a telephone and recorded.
DTMF tones were what you all keep refering to as the Captain crunch thing....(dual tone multi frequencys). There actually used for passwords on answer phones as well, typically 4 value passwords (poor, and most users dont change the default)
i2c
We have a voice authentication system that we use for certain phone based applications. It works very well, and is actually pretty secure. There is a pass phrase that you have to say into the phone and then the system matches your voice against a stored copy of your voice. If they do not match, you are denied access. The software is so sensitive that you have to call in and record your passphrase through any phone that you may use, because the differences in the phone microphone can change characteristics of your voice. So for instance I had to call in from my cell phone, my office phone, and my home phone. I have tried to log in from other phones and been unsuccessful so I don't think it would be real easy to hack this type of system. You would need a very high quality recording of the person saying their passphrase, and you would need to use a similiar phone as what they used when their passphrase was recorded. Persay makes the software. www.persay.com
Even though the system is relatively secure, we don't use this type of biometric authentication for anything that would be considered sensitive. We use RSA SecureID tokens, the cards that generate a number based on their serial number, a seed, and the current time, for VPN authentication.
ATTENTION!!!
Before you post... NOTICE: The original poster has not logged into AO since (Last Online: 03-03-2004 at 07:49 PM).
i didnt even now it was possible to have a tone password. it seems like a really cool idea to me. i should try it.