
Unlock A Door With A Secret Knock - jmonegro
http://grathio.com/2009/11/secret-knock-detecting-door-lock.html
======
RiderOfGiraffes
I had a variant of this ...

I was working for Radio Shack in Australia in 1979 and we had a TRS-80 on
display. It was running a fairly standard demo, but we needed to be able to
unlock it to run live demos for prospective customers. So we needed a
password.

Problem was, there were always a few kids around who would "shoulder surf"
(although I didn't know the term back then) and then unlock the machine when
we weren't watching.

So I hacked the password mechanism so it required not only the right password,
but the right rhythm. When it got a correct password it then analysed the
rhythm, and only unlocked the machine if they were both right.

A later variant (unnecessary, as the first was never hacked) was to required a
failed login first, where the failure was the right password but wrong rhythm.
As I say, that was never deployed, but I now see similarities between that and
"port knocking" ( <http://en.wikipedia.org/wiki/Port_knocking> )

I did have a third phase ready to be implemented, but the first was enough by
itself.

------
jlees
I love how, this being Hacker News, everyone is tearing the security flaws and
so on apart.. while not grokking the obvious... guys, he _implemented a secret
knock_! How cool is that!

~~~
Create
[http://www.ibm.com/developerworks/linux/library/l-knockage.h...](http://www.ibm.com/developerworks/linux/library/l-knockage.html)

------
sammcd
I see complaints about security here, but you are missing the point, which is
a secret passageway.

As we usually see in movies secret passages often have very unsecured ways of
entrance (turning a wine bottle in Young Frankenstein). However using a knock
for a secret passage would much less easy to stumble upon.

If you haven't noticed I've been thinking a lot about secret passages
recently.

~~~
ErrantX
That's security through obscurity! Which we all know is bad. ;)

------
selven
Very cool, but sadly not too practical (very vulnerable to shoulder surf
attacks, and it's not that hard to tell that there's something funny about the
knock).

~~~
DanielStraight
I think a sufficiently long knock (just like a sufficiently long password)
would still be almost impossible to crack. If you go on for 15 seconds, who's
going to be able to get it right? Not that this makes it practical. I'm just
saying. It's only if the knock is really short that this is a problem. If you
knock out 30 seconds of a song (assuming it's obscure enough that no one will
be able to determine the song), there's no way anyone who doesn't know what
song it is will be able to reproduce the knocks.

~~~
simplify
Hopefully there are no musicians nearby. One with a good enough ear can easily
memorize a 15 second-long toneless rhythm :)

------
Jakob
The rhythm is called "Shave and a Haircut"! I didn't know anyone who knew
this. I'm impressed.

<http://en.wikipedia.org/wiki/Shave_and_a_Haircut>

~~~
fallintothis
You don't know anyone who's seen _Who Framed Roger Rabbit_?

No toon can resist the ol' "Shave and a Haircut" trick!

------
varenc
I setup a knock sensor on my door too! His solution is much cleaner though.
You can all learn my oh-so secret knock for it at <http://varenhor.st/idoor>

------
drinian
Reminds me a little of Willie Wonka's musical lock.

~~~
blogimus
I thought of "Who Framed Roger Rabbit" especially given the default secret
knock.

------
dennisgorelik
Not very practical. If we want to avoid carrying key with us, then fingerprint
lock would be more convenient and secure.

~~~
jgrahamc
There's a big problem with fingerprint readers. If I steal your fingerprint
then unlike a password you can't change it.

~~~
sdrinf
Yes I can. Nine times, no less! ;)

