I was working for Radio Shack in Australia in 1979 and we had a TRS-80 on display. It was running a fairly standard demo, but we needed to be able to unlock it to run live demos for prospective customers. So we needed a password.
Problem was, there were always a few kids around who would "shoulder surf" (although I didn't know the term back then) and then unlock the machine when we weren't watching.
So I hacked the password mechanism so it required not only the right password, but the right rhythm. When it got a correct password it then analysed the rhythm, and only unlocked the machine if they were both right.
A later variant (unnecessary, as the first was never hacked) was to require a failed login first, where the failure was the right password but wrong rhythm. As I say, that was never deployed, but I now see similarities between that and "port knocking" ( http://en.wikipedia.org/wiki/Port_knocking )
I did have a third phase ready to be implemented, but the first was enough by itself.
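A sketch of the password-plus-rhythm check described in the comment above, added here as an example and not the poster's TRS-80 code. The enrolled password, gap values, tolerance and all function names are assumptions made for illustration.

```python
import hmac
from statistics import fmean

# Constructed enrollment data (assumed, not from the post): the password and
# the gaps in seconds between successive keystrokes when its owner types it.
ENROLLED_PASSWORD = "demo1979"
ENROLLED_GAPS = [0.20, 0.20, 0.60, 0.20, 0.20, 0.60, 0.20]
TOLERANCE = 0.25  # assumed: allowed deviation per gap, in units of the mean gap


def normalise(gaps):
    """Divide by the mean gap so the pattern is compared, not the tempo."""
    mean = fmean(gaps)
    return [g / mean for g in gaps]


def rhythm_matches(gaps, enrolled=ENROLLED_GAPS, tolerance=TOLERANCE):
    # Reject wrong lengths and non-increasing timestamps before dividing.
    if len(gaps) != len(enrolled) or min(gaps) <= 0:
        return False
    pairs = zip(normalise(gaps), normalise(enrolled))
    return all(abs(a - b) <= tolerance for a, b in pairs)


def check_login(keystrokes):
    """keystrokes: list of (char, timestamp_seconds) in typing order.

    Returns 'unlocked', 'wrong-rhythm' or 'wrong-password'. The distinction
    is for logging; the screen should show one generic failure for both.
    """
    typed = "".join(ch for ch, _ in keystrokes)
    times = [t for _, t in keystrokes]
    gaps = [b - a for a, b in zip(times, times[1:])]
    # Constant-time comparison, then the rhythm check only on a correct password.
    if not hmac.compare_digest(typed.encode(), ENROLLED_PASSWORD.encode()):
        return "wrong-password"
    return "unlocked" if rhythm_matches(gaps) else "wrong-rhythm"


def type_with(password, gaps, start=0.0):
    """Build a constructed keystroke capture from a string and its gaps."""
    times = [start]
    for g in gaps:
        times.append(times[-1] + g)
    return list(zip(password, times))
```

Because gaps are normalised by their mean, the owner can type faster or slower and still pass, while someone who only saw the characters and types them evenly does not.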
I love how, this being Hacker News, everyone is tearing the security flaws and so on apart.. while not grokking the obvious... guys, he implemented a secret knock! How cool is that!
I see complaints about security here, but you are missing the point, which is a secret passageway.
As we usually see in movies, secret passages often have very unsecured ways of entrance (turning a wine bottle in Young Frankenstein). However, using a knock for a secret passage would be much less easy to stumble upon.
If you haven't noticed I've been thinking a lot about secret passages recently.
Very cool, but sadly not too practical (very vulnerable to shoulder surf attacks, and it's not that hard to tell that there's something funny about the knock).
I think a sufficiently long knock (just like a sufficiently long password) would still be almost impossible to crack. If you go on for 15 seconds, who's going to be able to get it right? Not that this makes it practical. I'm just saying. It's only if the knock is really short that this is a problem. If you knock out 30 seconds of a song (assuming it's obscure enough that no one will be able to determine the song), there's no way anyone who doesn't know what song it is will be able to reproduce the knocks.
I think it's better suited for rooms inside the house/apartment rather than the main entrance, for the reasons you stated. This would kick a%$ in dorm rooms.