keystroke timing attack
Gert Doering
gert at greenie.muc.de
Sat Nov 10 23:50:28 EST 2001
Hi,
On Fri, Nov 09, 2001 at 03:49:56PM -0800, Florin Andrei wrote:
> > How do you know that something the user types is a password (and not
> > "input to your favourite editor" or such)?
>
> (walking on thin ice...)
>
> Well, when you authenticate by using user/pass, this is what you type:
>
> somecharacters<enter>
> someothercharacters<enter>
> nowtherealsessionstarts
Those are not the passwords the timing attacks talk about (they are sent
in a whole packet anyway). If you enter passwords later on, you have
these.
> I'm not sure if the ssh client can distinguish between
> password-authenticated sessions and other sessions, but if it does, then
> send everything between the first and the second <enter> in one chunk.
The "initial connect password" is done that way.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list