Date: Thu, 23 Aug 2001 10:45:07 +1000 From: Greg Black <gjb@gbch.net> To: Matt Dillon <dillon@earth.backplane.com> Cc: freebsd-hackers@freebsd.org Subject: Re: ssh password cracker - now this *is* cool! Message-ID: <nospam-998527507.28418@maxim.gbch.net> In-Reply-To: <200108222330.f7MNUUj80882@earth.backplane.com> of Wed, 22 Aug 2001 16:30:30 MST References: <200108222330.f7MNUUj80882@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Dillon wrote: | This gets an 'A' on my cool-o-meter. | | http://www.vnunet.com/News/1124839 The real research might be interesting, but the information in the article seems to be wrong. It says: Each keystroke from a user is immediately sent to the target machine as a separate IP packet. By performing a statistical study on a user's typing patterns, and applying a key sequence prediction algorithm, the researchers managed to successfully predict key sequences from inter-keystroke timings. While this is true for events that occur while you are typing at something like an xterm, it's not true while you type in a password. In that case the ssh client at your end collects the entire password, encrypts it, and transmits the whole thing when you hit <Enter>. How are they going to determine inter-keystroke timings from that? Maybe the real trick is much cooler than what is shown in the article ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nospam-998527507.28418>