New SSH attack weakens passwords

New SSH attack weakens passwords
Ann Harrison, SecurityFocus 2001-08-17

Researchers say the elapsed time between keystrokes can reveal much about your password.

Which keystrokes to find timings for. 2001-08-30
Todd Knarr <tknarr (at) silverglass (dot) org [email concealed]>

Isn't there a big hurdle in this attack, namely figuring out which keystrokes in an SSH session are actually the password being typed? Unless you know that, you're going to have an awful lot of combinations of timing information to try, more than then actual number of possible passwords in fact. Hav...

[ more ]