Date: Wed, 22 Aug 2001 17:10:16 -0700
From: "Bruce A. Mah" <bmah@FreeBSD.ORG>
To: Leo Bicknell <bicknell@ufp.org>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: ssh password cracker - now this *is* cool!
Message-ID: <200108230010.f7N0AGf27563@intruder.bmah.org>
In-Reply-To: <20010822195508.B93930@ussenterprise.ufp.org>
References: <200108222330.f7MNUUj80882@earth.backplane.com> <20010822195508.B93930@ussenterprise.ufp.org>

If memory serves me right, Leo Bicknell wrote:
> On Wed, Aug 22, 2001 at 04:30:30PM -0700, Matt Dillon wrote:
> > http://www.vnunet.com/News/1124839
>
> Several people on other mailing lists have pointed out that Nagle
> should make this much harder, although it's unclear how Nagle and
> ssh interact. So far that has resulted in a number of degenerating
> discussions of how things work. Of course, Nagle will not help
> between two machines on the same ethernet segment, but probably
> would make the process described in the paper much harder.

Indeed. They also didn't discuss (or I didn't see it) the effects of queueing or jitter in the network on their scheme. This *is* pretty neat, although it is less of a password cracker than a scheme of narrowing down the space of possible passwords.

> All of this argues for Kerberos or some other cryptographic system
> so once you're authenticated once there is little or no need to type
> additional passwords.

ssh-agent(1)/ssh-add(1) does all of its authentication locally, so my extremely naive reading is that it'd be immune to this particular type of attack, since human-typed passphrases never cross the network.

Bruce.