MORE SSH Hacking: heads-up
Michael H. Warfield
mhw at wittsend.com
Wed Aug 18 01:36:42 UTC 2004
On Mon, Aug 16, 2004 at 12:01:49AM +0100, James Wilkinson wrote:
> On the possibility of "sniffing" a password sent through a SSH-encrypted
> tunnel:
> There were a series of papers some time ago -- one of them is at
> http://www.cs.virginia.edu/cs588/projects/reports/team4.pdf -- which
> claimed that it was possible to guess which keys a user presses by
> measuring the time between keystrokes.
> SSH sessions tend to send one packet for each key the user presses, so
> this data could be visible to an attacker with access to the data
> stream. The theory goes that the attacker could guess when passwords
> were being entered, because normally when a user types a key, the server
> displays something. When passwords are sent, this doesn't happen, and
> an attacker can see the lack of screen updates.
> It is supposed to weaken passwords by a factor of 50: very roughly, it
> would make a 6-character password as easy to crack as a 5-character
> password without this data.
Counter measures have already been implimented (timing jiggers
and normalization).
It was a cute trick but easy to defeat through a number of
tricks. All my passwords are "touch type" I can't even type them
if I look at the keyboard (because I'm thinking about them too much).
> James.
> --
> E-mail address: james | 'In a serial interface, the data bits move down a
> @westexe.demon.co.uk | single channel one after the other, like railway
> | trains. This is different from the parallel interface
> | in which groups of bits arrive together, like London
> | buses.' -- 'The Computer Dictionary', Jon Wedge
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040817/81dfd381/attachment-0001.sig>
More information about the fedora-list
mailing list