New SSH attack weakens passwords

New SSH attack weakens passwords
Ann Harrison, SecurityFocus 2001-08-17

Researchers say the elapsed time between keystrokes can reveal much about your password.

passwd keystroke timing 2001-08-20
Zoltan Maroti

I don't know the protocol used to send password

in SSH but would it be hard to send the whole

password in one packet? Ie. till you don't hit

the enter no packet is sent by every keystroke.

This would defeat the information gaining on

sensitive data.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/241/6789#6789

SSH Keystroke Timing Attack 2001-08-20
Chris Leonardos <cleonardos (at) triumph (dot) com [email concealed]> (3 replies)

SSH Keystroke Timing Attack 2001-08-20
impetus (1 replies)

SSH Keystroke Timing Attack 2001-08-30
Anonymous SSH User

SSH Keystroke Timing Attack 2001-08-30
Anonymous Coward

SSH Keystroke Timing Attack 2001-08-30
Chuck Geigner

how hard would it be 2001-08-30
Gerard Saraber

Why use password? 2001-08-30
Wkdpanda

Which keystrokes to find timings for. 2001-08-30
Todd Knarr <tknarr (at) silverglass (dot) org [email concealed]>