Hacker News new | past | comments | ask | show | jobs | submit login
Unlock A Door With A Secret Knock (grathio.com)
57 points by jmonegro on Nov 8, 2009 | hide | past | favorite | 20 comments



I had a variant of this ...

I was working for Radio Shack in Australia in 1979 and we had a TRS-80 on display. It was running a fairly standard demo, but we needed to be able to unlock it to run live demos for prospective customers. So we needed a password.

Problem was, there were always a few kids around who would "shoulder surf" (although I didn't know the term back then) and then unlock the machine when we weren't watching.

So I hacked the password mechanism so it required not only the right password, but the right rhythm. When it got a correct password it then analysed the rhythm, and only unlocked the machine if they were both right.

A later variant (unnecessary, as the first was never hacked) was to required a failed login first, where the failure was the right password but wrong rhythm. As I say, that was never deployed, but I now see similarities between that and "port knocking" ( http://en.wikipedia.org/wiki/Port_knocking )

I did have a third phase ready to be implemented, but the first was enough by itself.


I love how, this being Hacker News, everyone is tearing the security flaws and so on apart.. while not grokking the obvious... guys, he implemented a secret knock! How cool is that!



I see complaints about security here, but you are missing the point, which is a secret passageway.

As we usually see in movies secret passages often have very unsecured ways of entrance (turning a wine bottle in Young Frankenstein). However using a knock for a secret passage would much less easy to stumble upon.

If you haven't noticed I've been thinking a lot about secret passages recently.


That's security through obscurity! Which we all know is bad. ;)


Very cool, but sadly not too practical (very vulnerable to shoulder surf attacks, and it's not that hard to tell that there's something funny about the knock).


I liked his suggested solution:

PS: Here's a zero-technology solution to the "Yeah, but they'll overhear your secret knocks" problem: Scream while knocking


I think a sufficiently long knock (just like a sufficiently long password) would still be almost impossible to crack. If you go on for 15 seconds, who's going to be able to get it right? Not that this makes it practical. I'm just saying. It's only if the knock is really short that this is a problem. If you knock out 30 seconds of a song (assuming it's obscure enough that no one will be able to determine the song), there's no way anyone who doesn't know what song it is will be able to reproduce the knocks.


Hopefully there are no musicians nearby. One with a good enough ear can easily memorize a 15 second-long toneless rhythm :)


video.


I think it's better suited for rooms inside the house/apartment rather than the main entrance, for the reasons you stated. This would kick a%$ in dorm rooms.


I setup a knock sensor on my door too! His solution is much cleaner though. You can all learn my oh-so secret knock for it at http://varenhor.st/idoor


The rhythm is called "Shave and a Haircut"! I didn't know anyone who knew this. I'm impressed.

http://en.wikipedia.org/wiki/Shave_and_a_Haircut


You don't know anyone who's seen Who Framed Roger Rabbit?

No toon can resist the ol' "Shave and a Haircut" trick!


Reminds me a little of Willie Wonka's musical lock.


I thought of "Who Framed Roger Rabbit" especially given the default secret knock.


Not very practical. If we want to avoid carrying key with us, then fingerprint lock would be more convenient and secure.


There's a big problem with fingerprint readers. If I steal your fingerprint then unlike a password you can't change it.


Yes I can. Nine times, no less! ;)


The above post is best said aloud in the voice of The Comic Book Guy from The Simpsons.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: