New SSH attack weakens passwords

New SSH attack weakens passwords
Ann Harrison, SecurityFocus 2001-08-17

Researchers say the elapsed time between keystrokes can reveal much about your password.

SSH Keystroke Timing Attack 2001-08-30
Anonymous SSH User

Now, if I remember correctly, the SSH2 protocol has a flag that can be sent with a packet which says 'ignore this packet'. I guess the idea is that both sides should periodically (apparently rapidly) send these packets to foil timing attacks. An eavesdropper won't be able to tell if the packet is ma...

[ more ]