Time delay security function

P.Agenbag internet at psimation.com
Tue Dec 11 05:06:25 EST 2001


Hi all developers.

I cannot consider myself to be a software developer (only have a fair 
exposure to some C++, but mostly Perl and a lot of PHP), so forgive my 
ignorance.

I recently had an idea about improving security of a system to make it 
impossible for another party to hack a system via a login procedure.

Now I'm not sure how current authentication systems work, but I think 
that if one could implement the following into a login procedure, it 
should be virtually impossible to crack a password:

The idea is as follows.
When one enters the system root password for the first time, what if one 
could capture the time between keystrokes as well, and store the time 
between strokes on the host system only. This way, even if someone tries 
to run combinations against a password, it would be impossible for the 
cracker to "simulate" the time between two specific characters of the 
password as the time between two strokes is not sent with the password 
string but measured by the host machine as it receives each character. 
So, this is also the first "glitch" in the idea... One would either have 
to make the login process a "streaming" process, ie. reading keystrokes 
as they happen and not waiting for a return, or the password needs to 
be read one character at a time with a return after each.

My vision with a system like this would further be to refine a system 
like this to build a profile of an individual via the tempo of their 
typing, much like fingerprints. I'm convinced that every person has his 
own unique typing "print" which a system should be able to "learn" over 
time and would also maybe be able to grow with the person as their 
typing improves.
If this could be made possible, EVERYTHING a person does on his/her 
system would be under scrutiny of constant checking, and not just the 
login procedure, theoretically making the system much safer even if 
someone gained access to the system.

Now, in theory this sounds all possible to me, but I'm not very clued up 
on coding and I'm not even sure if someone else has already tried 
something like this. So, I wouldn't know if this is at all feasible, 
hence my post here. I'd really appreciate your input. And if a 
substantial amount of developers on this forum feel like it could be 
possible to develop a system like this, I would be very interested to be 
part of the development in some way. I would eventually like to become a 
crack coder, but I know when to take a step back and let the experts take 
over.

Please let me know what you think and if you guys think it's a lame idea 
or if this is not the place to post wacky ideas, please tell me too, but 
at least point me towards a list where I can maybe get some help or 
advice or anything for that matter.
I ran this idea past the people at ssh.com about a year ago, but never 
got any response from them, so maybe they think it sucks.

Anyway, thanks for your time and input.

Petre Agenbag
Linux fan
South Africa
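
A minimal sketch of the scheme proposed in the message above, added here as an example and not part of the original post or of OpenSSH: the host timestamps each character as it arrives, builds a per-gap profile at enrollment, and scores later attempts against it. Function names, the 2.0 threshold, the 10 ms spread floor and all timing samples are assumptions constructed for illustration; the burst sample also shows the "glitch" the post mentions, since a line-buffered client delivers every character at once.

```python
from statistics import mean, pstdev

def intervals(timestamps_ms):
    """Gaps between characters, measured by the host as each one arrives."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]

def enroll(samples):
    """Per-gap (mean, spread) profile from several typings of one password."""
    gaps = [intervals(s) for s in samples]
    if len({len(g) for g in gaps}) != 1:
        raise ValueError("enrollment samples must all have the same length")
    # Spread floor of 10 ms is an assumption: it keeps a very consistent
    # typist from producing a near-zero divisor in score().
    return [(mean(col), max(pstdev(col), 10.0)) for col in zip(*gaps)]

def score(profile, timestamps_ms):
    """Mean absolute deviation from the profile, in units of each gap's spread."""
    gaps = intervals(timestamps_ms)
    if len(gaps) != len(profile):
        return float("inf")
    return sum(abs(g - m) / s for g, (m, s) in zip(gaps, profile)) / len(profile)

def verify(profile, password_ok, timestamps_ms, threshold=2.0):
    """Timing is an extra check; it never replaces the password comparison."""
    return password_ok and score(profile, timestamps_ms) <= threshold

# Constructed sample data: arrival times in ms for a six-character password.
ENROLLMENT = [
    [0, 180, 310, 520, 640, 900],
    [0, 170, 320, 500, 650, 880],
    [0, 190, 300, 530, 630, 910],
]
GENUINE = [0, 175, 305, 515, 640, 895]   # same typist, slightly different run
BURST = [0, 5, 10, 15, 20, 25]           # scripted guess or line-buffered client

PROFILE = enroll(ENROLLMENT)

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("burst", BURST)):
        print(name, round(score(PROFILE, attempt), 2),
              "accept" if verify(PROFILE, True, attempt) else "reject")
```

Because the host measures arrival times rather than key-press times, network jitter on a remote login is added to every gap, so the threshold has to be tuned against real connections before any such check is relied on.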
 




More information about the openssh-unix-dev mailing list