On Wed, Oct 7, 2015 at 12:48 PM, Michael Nelson <[email protected]> wrote: > 4. Twizzlers. One is that I allowed arbitrary shifty characters in my > phrase. So in fact our user could simply tap her favorite rhythm on the Ctrl > key, for her authentication factor. Worked fine.
Is there anything that tells us how many bits of entropy are found in the brainsong (rhythm, melody) of random users? Such that such a song could be read into passphrase data via software and the PC keyboard controller. What are the requirements of a strong song to reach 80/128/256 bits? Note that it is not necessarily specific keys, but also, or primarily depress length, multiple press, interpress timing, etc.
