Hi all developers.
I cannot consider myself to be a software developer ( only have a fair
exposure to some C++, but mostly Perl nad alot of PHP), so forgive my
ignorance.
I recently had an idea about improving security of a system to make it
impossible for another party to hack a system via a login procedure.
Now I'm not sure how current authentication systems work, but I think
that if one could implement the following into a login procedure, it
should be virtually impossible to crack a password:
The idea is as follow.
When one enters the system root password for the first time, what if one
could capture the time between keystrokes as well, and store the time
between strokes on the host system only. This way, even if someone tries
to run combinations against a password, it would be impossible for the
cracker to "simulate" the time between two specific characters of the
password as the time between two strokes is not sent with the password
string but measured by the host machine as it receives each character.
So, this is also the first "glitch" in the idea... One would either
have
to make the login process a "streaming" process, ie. reading
keystrokes
as they happen and not waiting for a return, or the passwords needs to
be read one character at a time with a return after each.
My vision with a system like this would further be to refine a system
like this to build a profile of an individual via the tempo of their
typing, much like fingerprints, I'm convinced that every person has his
own unique typing "print" which a system should be able to
"learn" over
time and would also maybe be able to grow with the person as their
typing improves.
If this could be made possible, EVERYTHING a person does on his/her
system would be under scrutiny of constant checking, and not just the
login procedure, theoretically making the system much safer even if
someone gained access to the system.
Now, in theory this sounds all possible to me, but I'm not very clued up
on coding and I'm not even sure if someone else has already tried
something like this. So, I wouldn't know if this is at all feasible,
hence my post here. I'd really appreciate your input. And if a
substantial amount of developers on this forum feels like it could be
possible to develop a system like this, I would be very interested to be
part of the development in some way. I would eventually like to become a
crack coder, but knows when to take a step back and let the experts take
over.
Please let me know what you think and if you guys think it's a lame idea
or if this is not the place to post wacky ideas, please tell me too, but
at least point me towards a list were i can maybe get some help or
advise or anything for that matter.
I ran this idea past the people at ssh.com about a year ago, but never
got any response from them, so maybe they think it sucks.
Anyway, thanks for your time and input.
Petre Agenbag
Linux fan
South Africa