Flag of Germany (language selection) Flagge des Vereinigten Königreichs (Auswahl der Sprache)

Lyrics Jukebox

Playing music with synchronized lyrics display for Windows, Linux and Mac

Notes on the interactive passcode

Security

As already mentioned in the text box, the idea for this interactive passcode entry is around 40 years old. Back then, there were no tiny video cameras lurking in almost every phone and soon in many glasses, and an observer only had their memory to rely on to figure out how the code was displayed. That is why even a simple display with a 7-segment LED row offered adequate protection at the time.
Of course, things are different now, because the sequence can be reconstructed from video recordings of several recorded code entries. But it is still better than a simple PIN entry.
There are also a number of measures that can be taken to strengthen the process. With the 64-field checkerboard pattern used in Lyrics Jukebox, a large number of recorded entries are required to recognize the sequence. When digits are used, each digit appears an average of 6.4 times in 64 fields. But although it is unlikely, you also have to consider the worst-case scenario, which occurs when each digit to be read is only displayed once. Two measures in my implementation help to counteract this:
  • The active digit in the currently displayed combination is prevented from occurring only once by always inserting it a second time somewhere in this combination.
  • The unused outputs of the sequence (triggered by the minus sign in the configuration entry) make it more difficult to assign the digits ultimately entered to the combinations displayed.
And you could harden this further by
  • forcing the current character to be displayed a third time,
  • adding further unused outputs to the sequence to make it more ambiguous,
  • using the date or time for field selection,
  • adding colored, graphical, or even acoustic markers,
  • applying an offset to the digits, and having to do a little math,
  • increase the number of fields (but then you would have to mark the rows and columns somehow),
  • use a touchscreen with haptic feedback and use the haptic function to mark the current character (this could perhaps even make a video recording useless).
Perhaps you have even more ideas on this.

How to calculate the optimum ratio between the number of fields and the number of characters used would still need to be researched. It is also unclear whether there are any people who can remember all the data displayed at this speed, but if we assume a video recording, then the possible use of letters is less reliable than that of numbers, because the character being searched for is displayed in fewer positions with 26 letters than with 10 numbers. To counter this, the number of characters per combination could be limited.

Sample program

For those who are only interested in the principle of the dialog password and do not want to deal with Lyrics Jukebox first, I have extracted the relevant functions from the jukebox program and, since executable programs from dubious sources are often not met with enthusiasm, built an Applet that can be used with the Hollywood Player (scroll down a bit there).
  • You have to unzip the player archive (and also install it under Windows),
  • then download the plugin svgimage.hwp from here (the package is called SVG there), or get the version of the file that is suitable for your operating system from the relevant Lyrics Jukebox download archive.
  • Copy svgimage.hwp to the plugin directory of the Hollywood Player. In Windows, this is C:\Program Files\Hollywood Player\Plugins); in all other operating systems, create the Plugins directory in the Hollywood Player directory, if it does not already exist, and copy svgimage.hwp into it.
Then you can start the player and select the script. It is also possible to start it from the command line with the name of the script as an argument.
Lock Lock Then click on the lock in the window (or press Enter) and you will either get “Correct” or “Incorrect” at the end.
The configuration file provided contains the positions of the fields from which the user should read the characters one after the other. The field specifications use coordinates as in chess (A1 is at the bottom left). The minus signs indicate the display combinations to be ignored.
The example “- a8 b7 c6 d5 -” shows six combinations, the first and last of which are only fillers, so you have to remember four characters starting with the second combination, beginning with the field at the top left and then diagonally to the bottom right. The sixth combination is ignored (like the first). An input field is then displayed, and the four characters are entered by pressing Enter.
To start with, I have limited the characters to numbers because I find them easier to remember. You can also activate letters or both; the accompanying configuration file should be self-explanatory.
I didn't bother with a full-screen mode, but you can always scale the window (regardless of its current size) to full screen and back with Alt-Enter.
The source code of the script is of course also included, and if you want syntax highlighting for it, Notepad++, Visual Studio Code (using an extension), or even the classic command line editor vim know the syntax.

Impressum, Daten­schutz
Pfeil zum Seitenanfang Pfeil zur nächsten Seite