My uncle was a career NSA man. In the 1970s, his job (I learned decades later) was to modify and maintain all the typewriters in the White House so their keystrokes couldn't be used to identify what was being typed on them. Presumably the concern was that something like a Buran eavesdropping system could be used to detect vibrations in windows, and the sound of the typewriter keys then extracted and analyzed to recover the text.<p>My grandfather (also career NSA) used to tell me that it would seem like fiction if people knew some of the things that technology and a good cryptanalyst could do. I think he was right.
Link to the paper: <a href="http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/tiss.preprint.pdf" rel="nofollow">http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_E...</a><p>It's pretty interesting. It's an algorithm which, given a recording of you typing out several HN comments, can generate an acoustic profile of how you type on your particular keyboard. By assuming that you're typing English, it can infer what words you're typing based on its rough guess, and then it can train itself to recognize keystroke sounds that it previously got wrong. After a few times of doing this, it claims to be accurate enough to recover your passwords from a recording of you typing them in.
Related: (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers<p><a href="http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf" rel="nofollow">http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf</a> (Not working for me right now.)<p><a href="http://dl.packetstormsecurity.net/papers/general/traynor-ccs11.pdf" rel="nofollow">http://dl.packetstormsecurity.net/papers/general/traynor-ccs...</a>
Some of the previous work on this involving timing attacks against SSH [1] is particularly interesting because it's so obvious in retrospect, but no one saw it when SSH was being designed.<p>[1]<a href="http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf" rel="nofollow">http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf</a>
fwiw, when i used to work in finance, the team i was in used to handle very sensitive market-moving data. one day, without warning, all of the offices keyboards and mouse where changed to "more secure hardware/peripherals" by orders of the cio and its staff. this was in 06/07, at the time i thought they were paranoid - now i think otherwise.
This is a very old idea. I recall that in the 1987 book "Spycatcher" Peter Wright wrote about listening to typewriter keystrokes through a microphone bug in some embessy. He was the head scientist in British intelligence and the book caused a bit of a stir at the time, being the subject of censorship attempts. I think this audio bugging of keystroakes may go back to the 1960's.
I wonder how well this would work for really fast (150WPM+) typists, since at that speed the keys are often being hit simultaneously by many fingers and it becomes much harder to distinguish the individual sounds. The spacebar still remains distinct-sounding, however.