New SSH attack weakens passwords

New SSH attack weakens passwords
Ann Harrison, SecurityFocus 2001-08-17

Researchers say the elapsed time between keystrokes can reveal much about your password.

passwd keystroke timing 2001-08-20
Zoltan Maroti

SSH Keystroke Timing Attack 2001-08-20
Chris Leonardos <cleonardos (at) triumph (dot) com [email concealed]> (3 replies)

SSH Keystroke Timing Attack 2001-08-20
impetus (1 replies)

Ahhh, you do not focus on the crux of the issue. The ssh password may never be revealed do to key authentication. think instead of the passwords that may be used whilst conducting an ssh session. For instance, it is common practice to have a reasonably secure [;-) server act as a ssh concentrator. Users ssh to this box and can then telnet or console to other devices. If the passwords/traffic can be analyzed from this exchange then you may have a problem.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/241/6796#6796

SSH Keystroke Timing Attack 2001-08-30
Anonymous SSH User

SSH Keystroke Timing Attack 2001-08-30
Anonymous Coward

SSH Keystroke Timing Attack 2001-08-30
Chuck Geigner

how hard would it be 2001-08-30
Gerard Saraber

Why use password? 2001-08-30
Wkdpanda

Which keystrokes to find timings for. 2001-08-30
Todd Knarr <tknarr (at) silverglass (dot) org [email concealed]>