So I made this Rust-crate "Wobblechar" while ago. It translates character to whatever you like, typically a bool or number. Meant for character based waveforms.
I was thinking.. I made this secret-knock a couple of years ago. I can open my door by tapping a particular tune. The tunes I want it to respond to, are now in the code as numbers, meaning relative time intervals. If I was to use Wobblechar for this, make a map of UTF-8 musical note chars to their length, you'd immediately see (if you are musician of course), what tune this is! Would make enter some tunes way more readable. Wauw! Hope I find some time to migrate this thing to Rust and try this!
1 Like
I think that your security architecture is unsound. If you unlock your door by playing a tune or rhythm to it ('s microphone), what you're basically doing is transferring a secret (the tune or rhythm) via an unsecured channel (the air), which is prone to MITM attacks or plain drive-by recording.
Hi Schrad,
Ik think you are taking this way too seriously. But ok, let me defend my case anyway.. I call it secret knock, so anybody understands what I mean. In reality it is a capacitive sensor that you tab real lightly and it works only on that specific spot. So someone would have to know the exact spot (invisible) and know the rhythm, which is not easy, since you don't really hear it when you tab. It is at the back of my house, so who is gonna know anyway...
As a programmer I know that security is always a tradeoff between convenience and effort. No, I'd NOT use this thing for a bank vault. Yes I use it for my house, and it is really nice to be able to go walk the dog or something and not have to take the key. Lot of people here in the village would just leave the door open in such cases...
Cheers, Paul
1 Like
scnr:
I am not really taking this too seriously at all. 
I find the general idea of the program itself interesting. I just raised concerns about the implied security application you mentioned.
I actually doubt the security of the OP's situation is appreciably more compromised than it already was. Any potential threat actor that is already incapable or unwilling to bypass a typical residential lock and dead bolt is likely also not going to go through the time and effort of detecting where the knocking location is and the correct tune. Such threat actors are clearly not nation-state actors or violent criminals since the OP was already doomed to such actors. This means we are dealing with non-violent entities. These entities must also choose not to break in via other means like windows, crawl space, or even breaking the door down seeing how most residential door frames are not metal or reinforced. This leaves us with fairly unmotivated entities. Of those entities, why not just simply pick the lock? The amount of time and effort to learn to pick locks is much less than most people realize, and so many locks are trivial to pick[1] once you know how. It seems rather contrived to imagine an entity that is willing to perform an MITM attack to learn the OP's tune when it would be easier and less conspicuous to pick the lock.
Now if the OP's situation is different than typical residences (e.g., the OP does have reinforced door frames, uses high-security locks, ensures other entry points are "secure", etc.), then sure the OP has just put themselves in a more compromised state. Based on their follow-up though, I don't think that is the OP's situation.
Should be noted that while most locks are easy to pick to the point where one may question "what's the point of locking my residence then?", merely locking a door is often a big enough deterrent for break-ins making the cost-benefit analysis worth it since it takes little time and effort for you to unlock the door yet a large amount of potential break-ins will be prevented. If that is not enough for one though, then they need to make sure they are properly securing their residence; and most people in my experience don't go through with that.
Hell, even the safes used in the Manhattan Project were easily crackable. âŠī¸
2 Likes
All good!
1 Like