MORE SSH Hacking: heads-up

Michael H. Warfield mhw at wittsend.com
Wed Aug 18 01:36:42 UTC 2004


On Mon, Aug 16, 2004 at 12:01:49AM +0100, James Wilkinson wrote:
> On the possibility of "sniffing" a password sent through a SSH-encrypted
> tunnel:

> There were a series of papers some time ago -- one of them is at
> http://www.cs.virginia.edu/cs588/projects/reports/team4.pdf -- which
> claimed that it was possible to guess which keys a user presses by
> measuring the time between keystrokes.

> SSH sessions tend to send one packet for each key the user presses, so
> this data could be visible to an attacker with access to the data
> stream. The theory goes that the attacker could guess when passwords
> were being entered, because normally when a user types a key, the server
> displays something. When passwords are sent, this doesn't happen, and
> an attacker can see the lack of screen updates.

> It is supposed to weaken passwords by a factor of 50: very roughly, it
> would make a 6-character password as easy to crack as a 5-character
> password without this data.

	Countermeasures have already been implemented (timing jiggers
and normalization).

	It was a cute trick but easy to defeat through a number of
tricks.  All my passwords are "touch type".  I can't even type them
if I look at the keyboard (because I'm thinking about them too much).

> James.

> -- 
> E-mail address: james | 'In a serial interface, the data bits move down a
> @westexe.demon.co.uk  | single channel one after the other, like railway
>                       | trains. This is different from the parallel interface
>                       | in which groups of bits arrive together, like London
>                       | buses.'  -- 'The Computer Dictionary', Jon Wedge

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
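
The timing normalization mentioned in the reply above, as an added example that is not part of the original post and not code from any SSH implementation: a simplified model comparing what an on-path observer sees for raw keystroke packets, for packets delayed to fixed ticks, and for fixed ticks padded with dummy packets. The function names, the 50 ms tick and the keystroke timestamps are assumptions constructed for illustration.

```python
# Constructed sample: times (ms) at which six password keys were pressed.
SAMPLE_KEYS_MS = [0, 95, 310, 370, 640, 700]
TICK_MS = 50  # assumed normalization interval


def intervals(times_ms):
    """Gaps between consecutive packets, i.e. what a passive observer measures."""
    return [b - a for a, b in zip(times_ms, times_ms[1:])]


def quantize(times_ms, tick_ms):
    """Delay each keystroke packet to the next tick boundary, one per tick."""
    out = []
    for t in times_ms:
        slot = -(-t // tick_ms) * tick_ms  # round up to a tick boundary
        if out and slot <= out[-1]:
            slot = out[-1] + tick_ms       # preserve order, one key per tick
        out.append(slot)
    return out


def normalize_with_chaff(times_ms, tick_ms):
    """Send a packet on every tick of the burst: a real key or a dummy."""
    real = set(quantize(times_ms, tick_ms))
    first, last = min(real), max(real)
    return [(slot, "key" if slot in real else "chaff")
            for slot in range(first, last + tick_ms, tick_ms)]


def observed(schedule):
    """The observer sees only send times; packet kind is hidden by encryption."""
    return intervals([slot for slot, _ in schedule])


if __name__ == "__main__":
    print("raw gaps:       ", intervals(SAMPLE_KEYS_MS))
    print("quantized gaps: ", intervals(quantize(SAMPLE_KEYS_MS, TICK_MS)))
    sched = normalize_with_chaff(SAMPLE_KEYS_MS, TICK_MS)
    print("with chaff gaps:", observed(sched))
    print("real/chaff:     ",
          sum(k == "key" for _, k in sched),
          sum(k == "chaff" for _, k in sched))
```

Quantizing alone still exposes long and short gaps as multiples of the tick; only the padded schedule makes every gap identical, at the cost of extra packets and up to one tick of added latency per key.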