Re: Patching a SSH 'Weakness'

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Hari <innomotive@...>

Cc: <misc@...>, <neffk@...>

Date: Thursday, September 11, 2008 - 4:49 am

On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote:

| On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff  wrote:

| > Hi,

| >

| > Some secure protocols like SSH send encrypted keystrokes

| > as they're typed.  By doing timing analysis you can figure

| > out which keys the user probably typed (keys that are

| > physically close together on a keyboard can be typed

| > faster).  A careful analysis can reveal the length of

| > passwords and probably some of password itself.

| >

| > The paper:

| >

| >  http://portal.acm.org/citation.cfm?

| >  id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C

| >  FTOKEN=28290455

|

| The paper itself is not accessible. Prima facie, this looked like a

| technology-in-search-of-a-problem kinda thing to me. For now, it

| sounds like bull.
Sure the paper is accessible. Just google for "Timing Analysis of

Keystrokes and Timing Attacks on SSH". First hit is the PDF of the

article which is well written and explains the problem in great

detail.
Cheers,
Paul 'WEiRD' de Weerd
--

quoted text>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+

+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]

                 http://www.weirdnet.nl/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patching a SSH 'Weakness', Kevin Neff, (Wed Sep 10, 3:58 pm)

Re: Patching a SSH 'Weakness', Mike M, (Fri Sep 12, 8:01 am)

Re: Patching a SSH 'Weakness', Kevin Neff, (Fri Sep 12, 10:02 am)

Re: Patching a SSH 'Weakness', johan beisser, (Fri Sep 12, 5:32 pm)

Re: Patching a SSH 'Weakness', STeve Andre', (Wed Sep 10, 10:56 pm)

Re: Patching a SSH 'Weakness', Giancarlo Razzolini, (Thu Sep 11, 11:06 am)

Re: Patching a SSH 'Weakness', Damien Miller, (Thu Sep 11, 2:28 am)

Re: Patching a SSH 'Weakness', STeve Andre', (Thu Sep 11, 8:50 am)

Re: Patching a SSH 'Weakness', Aaron Glenn, (Thu Sep 11, 12:40 am)

Re: Patching a SSH 'Weakness', Johan Beisser, (Thu Sep 11, 1:35 am)

Re: Patching a SSH 'Weakness', Hari, (Wed Sep 10, 9:06 pm)

Re: Patching a SSH 'Weakness', Paul de Weerd, (Thu Sep 11, 4:49 am)

Re: Patching a SSH 'Weakness', Darrin Chandler, (Wed Sep 10, 10:21 pm)

Re: Patching a SSH 'Weakness', Marco Peereboom, (Wed Sep 10, 9:50 pm)

Re: Patching a SSH 'Weakness', Damien Miller, (Wed Sep 10, 8:59 pm)


linux-kernel:
Mike Galbraith	Re: regression: CD burning (k3b) went broke
Andi Kleen	[PATCH] [3/22] x86_64: Kill temp boot pmds
Alan Cox	Re: [PATCH][RFC] 4K stacks default, not a debug thing any more...?
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
git:

openbsd-misc:

linux-netdev:
David Miller	[GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 05/37] dccp: Cleanup routines for feature negotiation
Brandeburg, Jesse	RE: [PATCH] e1000e: test MSI interrupts

Re: Patching a SSH 'Weakness'

Online users