Re: Patching a SSH 'Weakness'

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Date: Friday, September 12, 2008 - 8:01 am

On 9/10/2008 at 2:58 PM Kevin Neff wrote:
|Hi,

|

|Some secure protocols like SSH send encrypted keystrokes

|as they're typed.  By doing timing analysis you can figure

|out which keys the user probably typed (keys that are

|physically close together on a keyboard can be typed

|faster).  A careful analysis can reveal the length of

|passwords and probably some of password itself.

 =============
>> (keys that are physically close together on a keyboard

quoted text>> can be typed faster).
I do not agree with that statement.   Using two fingers I can hit the "A" and

"L" keys nearly simultaneously (probably could even hit them simultaneously if

I tried enough).
The statement seems to rely upon the typist being a one-finger typer.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patching a SSH 'Weakness', Kevin Neff, (Wed Sep 10, 3:58 pm)

Re: Patching a SSH 'Weakness', Mike M, (Fri Sep 12, 8:01 am)

Re: Patching a SSH 'Weakness', Kevin Neff, (Fri Sep 12, 10:02 am)

Re: Patching a SSH 'Weakness', johan beisser, (Fri Sep 12, 5:32 pm)

Re: Patching a SSH 'Weakness', STeve Andre', (Wed Sep 10, 10:56 pm)

Re: Patching a SSH 'Weakness', Giancarlo Razzolini, (Thu Sep 11, 11:06 am)

Re: Patching a SSH 'Weakness', Damien Miller, (Thu Sep 11, 2:28 am)

Re: Patching a SSH 'Weakness', STeve Andre', (Thu Sep 11, 8:50 am)

Re: Patching a SSH 'Weakness', Aaron Glenn, (Thu Sep 11, 12:40 am)

Re: Patching a SSH 'Weakness', Johan Beisser, (Thu Sep 11, 1:35 am)

Re: Patching a SSH 'Weakness', Hari, (Wed Sep 10, 9:06 pm)

Re: Patching a SSH 'Weakness', Paul de Weerd, (Thu Sep 11, 4:49 am)

Re: Patching a SSH 'Weakness', Darrin Chandler, (Wed Sep 10, 10:21 pm)

Re: Patching a SSH 'Weakness', Marco Peereboom, (Wed Sep 10, 9:50 pm)

Re: Patching a SSH 'Weakness', Damien Miller, (Wed Sep 10, 8:59 pm)


linux-kernel:
Ingo Molnar	[announce] "kill the Big Kernel Lock (BKL)" tree
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Emmanuel Florac	RAID-1 performance under 2.4 and 2.6
Con Kolivas	Re: -mm merge plans for 2.6.23
git:

openbsd-misc:

linux-netdev:
Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
David Miller	[GIT]: Networking
Eric W. Biederman	Re: 2.6.24-rc3: find complains about /proc/net
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().

Re: Patching a SSH 'Weakness'

Online users