New SSH attack weakens passwords

New SSH attack weakens passwords
Ann Harrison, SecurityFocus 2001-08-17

Researchers say the elapsed time between keystrokes can reveal much about your password.

passwd keystroke timing 2001-08-20
Zoltan Maroti

SSH Keystroke Timing Attack 2001-08-20
Chris Leonardos <cleonardos (at) triumph (dot) com [email concealed]> (3 replies)

My question is this: If the SSH Client caches the user keystrokes when accepting the password, and sends them only after the OK button is clicked, how can this attack be at all usefull?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/241/6795#6795

SSH Keystroke Timing Attack 2001-08-20
impetus (1 replies)

SSH Keystroke Timing Attack 2001-08-30
Anonymous SSH User

SSH Keystroke Timing Attack 2001-08-30
Anonymous Coward

SSH Keystroke Timing Attack 2001-08-30
Chuck Geigner

how hard would it be 2001-08-30
Gerard Saraber

Why use password? 2001-08-30
Wkdpanda

Which keystrokes to find timings for. 2001-08-30
Todd Knarr <tknarr (at) silverglass (dot) org [email concealed]>