New SSH attack weakens passwords

New SSH attack weakens passwords
Ann Harrison, SecurityFocus 2001-08-17

Researchers say the elapsed time between keystrokes can reveal much about your password.

passwd keystroke timing 2001-08-20
Zoltan Maroti

SSH Keystroke Timing Attack 2001-08-20
Chris Leonardos <cleonardos (at) triumph (dot) com [email concealed]> (3 replies)

SSH Keystroke Timing Attack 2001-08-20
impetus (1 replies)

SSH Keystroke Timing Attack 2001-08-30
Anonymous SSH User

SSH Keystroke Timing Attack 2001-08-30
Anonymous Coward

SSH Keystroke Timing Attack 2001-08-30
Chuck Geigner

how hard would it be 2001-08-30
Gerard Saraber

Why use password? 2001-08-30
Wkdpanda

Which keystrokes to find timings for. 2001-08-30
Todd Knarr <tknarr (at) silverglass (dot) org [email concealed]>

Isn't there a big hurdle in this attack, namely figuring out which keystrokes in an SSH session are actually the password being typed? Unless you know that, you're going to have an awful lot of combinations of timing information to try, more than then actual number of possible passwords in fact. Have I missed something here?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/241/6831#6831