I was working for Radio Shack in Australia in 1979 and we had a TRS-80 on display. It was running a fairly standard demo, but we needed to be able to unlock it to run live demos for prospective customers. So we needed a password.
Problem was, there were always a few kids around who would "shoulder surf" (although I didn't know the term back then) and then unlock the machine when we weren't watching.
So I hacked the password mechanism so it required not only the right password, but the right rhythm. When it got a correct password it then analysed the rhythm, and only unlocked the machine if they were both right.
A later variant (unnecessary, as the first was never hacked) was to require a failed login first, where the failure was the right password but wrong rhythm. As I say, that was never deployed, but I now see similarities between that and "port knocking" ( http://en.wikipedia.org/wiki/Port_knocking )
I did have a third phase ready to be implemented, but the first was enough by itself.
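An added sketch of the two schemes described in the post above; it is not the poster's TRS-80 code. The post does not say how the rhythm was analysed, so comparing tempo-normalised gaps between key presses, the tolerance value, the `need_decoy` flag and all sample timings are assumptions.

```python
import hmac

def gaps(timestamps):
    """Inter-key gaps as fractions of total typing time, so overall tempo cancels out."""
    deltas = [b - a for a, b in zip(timestamps, timestamps[1:])]
    total = sum(deltas)
    return [d / total for d in deltas] if total > 0 else None

class RhythmLock:
    def __init__(self, password, enrolled, tolerance=0.08, need_decoy=False):
        self.password = password.encode()
        self.template = gaps(enrolled)
        if self.template is None:
            raise ValueError("enrolment needs at least two keystrokes")
        self.tolerance = tolerance      # assumed threshold, tune on real samples
        self.need_decoy = need_decoy    # later variant: a "failed" login must come first
        self.armed = not need_decoy

    def rhythm_ok(self, timestamps):
        sample = gaps(timestamps)
        if sample is None or len(sample) != len(self.template):
            return False
        return all(abs(s - t) <= self.tolerance for s, t in zip(sample, self.template))

    def attempt(self, typed, timestamps):
        """Return True only when the machine should unlock."""
        if not hmac.compare_digest(typed.encode(), self.password):
            self.armed = not self.need_decoy    # wrong password resets the sequence
            return False
        if not self.rhythm_ok(timestamps):
            self.armed = True                   # right password, wrong rhythm: the decoy
            return False
        unlocked = self.armed
        self.armed = not self.need_decoy        # the decoy is good for one unlock only
        return unlocked

# Constructed key-press times in seconds for the constructed password "demo".
ENROLLED = [0.00, 0.10, 0.50, 0.60]   # quick, long pause, quick
OWNER    = [0.00, 0.13, 0.62, 0.74]   # same pattern, slower overall
SURFER   = [0.00, 0.20, 0.40, 0.60]   # right keys, evenly spaced

if __name__ == "__main__":
    lock = RhythmLock("demo", ENROLLED)
    print(lock.attempt("demo", SURFER), lock.attempt("demo", OWNER))
```

With `need_decoy=True` the lock behaves like the knock sequence the post compares it to: a correct password typed in the right rhythm is refused unless the previous attempt was the correct password in the wrong rhythm.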