Re: Patching a SSH 'Weakness'

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Date: Friday, September 12, 2008 - 8:01 am

On 9/10/2008 at 2:58 PM Kevin Neff wrote:
|Hi,

|

|Some secure protocols like SSH send encrypted keystrokes

|as they're typed.  By doing timing analysis you can figure

|out which keys the user probably typed (keys that are

|physically close together on a keyboard can be typed

|faster).  A careful analysis can reveal the length of

|passwords and probably some of password itself.

 =============
>> (keys that are physically close together on a keyboard

quoted text>> can be typed faster).
I do not agree with that statement.   Using two fingers I can hit the "A" and

"L" keys nearly simultaneously (probably could even hit them simultaneously if

I tried enough).
The statement seems to rely upon the typist being a one-finger typer.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patching a SSH 'Weakness', Kevin Neff, (Wed Sep 10, 3:58 pm)

Re: Patching a SSH 'Weakness', Mike M, (Fri Sep 12, 8:01 am)

Re: Patching a SSH 'Weakness', Kevin Neff, (Fri Sep 12, 10:02 am)

Re: Patching a SSH 'Weakness', johan beisser, (Fri Sep 12, 5:32 pm)

Re: Patching a SSH 'Weakness', STeve Andre', (Wed Sep 10, 10:56 pm)

Re: Patching a SSH 'Weakness', Giancarlo Razzolini, (Thu Sep 11, 11:06 am)

Re: Patching a SSH 'Weakness', Damien Miller, (Thu Sep 11, 2:28 am)

Re: Patching a SSH 'Weakness', STeve Andre', (Thu Sep 11, 8:50 am)

Re: Patching a SSH 'Weakness', Aaron Glenn, (Thu Sep 11, 12:40 am)

Re: Patching a SSH 'Weakness', Johan Beisser, (Thu Sep 11, 1:35 am)

Re: Patching a SSH 'Weakness', Hari, (Wed Sep 10, 9:06 pm)

Re: Patching a SSH 'Weakness', Paul de Weerd, (Thu Sep 11, 4:49 am)

Re: Patching a SSH 'Weakness', Darrin Chandler, (Wed Sep 10, 10:21 pm)

Re: Patching a SSH 'Weakness', Marco Peereboom, (Wed Sep 10, 9:50 pm)

Re: Patching a SSH 'Weakness', Damien Miller, (Wed Sep 10, 8:59 pm)


linux-kernel:
Andrew Morton	-mm merge plans for 2.6.23
Greg Kroah-Hartman	[PATCH 006/196] Chinese: add translation of oops-tracing.txt
Greg KH	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Roland Dreier	Re: Integration of SCST in the mainstream Linux kernel
git:

linux-netdev:
David Miller	[GIT]: Networking
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Linus Torvalds	Re: iptables very slow after commit 784544739a25c30637397ace5489eeb6e15d7d49
Herbert Xu	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Re: Patching a SSH 'Weakness'

Online users