keystroke timing attack
Florin Andrei
florin at sgi.com
Sat Nov 10 07:27:29 EST 2001
I'm reading this fine article on O'Reilly:
http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html
<quote>
The paper concludes that the keystroke timing data observable from
today's SSH implementations reveals a dangerously significant amount of
information about user terminal sessions--enough to locate typed
passwords in the session data stream and reduce the computational work
involved in guessing those passwords by a factor of 50.
</quote>
Maybe I'm missing something, but isn't it enough to not send passwords
char-by-char over the network, and just wait for Enter and then send the
whole lot?
--
Florin Andrei
"Thomas Jefferson would love Napster" (a MSNBC reporter)
More information about the openssh-unix-dev mailing list