From owner-freebsd-hackers  Wed Aug 22 17:45:41 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from maxim.gbch.net (gw.gbch.net [203.24.22.66])
	by hub.freebsd.org (Postfix) with SMTP id 7832B37B420
	for <freebsd-hackers@freebsd.org>; Wed, 22 Aug 2001 17:45:17 -0700 (PDT)
	(envelope-from gjb@gbch.net)
Received: (qmail 28419 invoked by uid 1001); 23 Aug 2001 10:45:07 +1000
Message-ID: <nospam-998527507.28418@maxim.gbch.net>
X-Posted-By: GJB-Post 2.21 16-Jun-2001
X-Operating-System: FreeBSD 4.2-RELEASE i386
X-Location: Brisbane, Australia; 27.49841S 152.98439E
X-URL: http://www.gbch.net/gjb.html
X-Image-URL: http://www.gbch.net/gjb/gjb-auug048.gif
X-GPG-Fingerprint: EBB2 2A92 A79D 1533 AC00  3C46 5D83 B6FB 4B04 B7D6
X-PGP-Public-Keys: http://www.gbch.net/keys.html
Date: Thu, 23 Aug 2001 10:45:07 +1000
From: Greg Black <gjb@gbch.net>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: ssh password cracker - now this *is* cool! 
References: <200108222330.f7MNUUj80882@earth.backplane.com> 
In-reply-to: <200108222330.f7MNUUj80882@earth.backplane.com> 
	of Wed, 22 Aug 2001 16:30:30 MST
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Matt Dillon wrote:

|     This gets an 'A' on my cool-o-meter.
| 
| 	http://www.vnunet.com/News/1124839

The real research might be interesting, but the information in
the article seems to be wrong.  It says:

    Each keystroke from a user is immediately sent to the target
    machine as a separate IP packet. By performing a statistical
    study on a user's typing patterns, and applying a key
    sequence prediction algorithm, the researchers managed to
    successfully predict key sequences from inter-keystroke
    timings.

While this is true for events that occur while you are typing at
something like an xterm, it's not true while you type in a
password.  In that case the ssh client at your end collects the
entire password, encrypts it, and transmits the whole thing when
you hit <Enter>.

How are they going to determine inter-keystroke timings from
that?  Maybe the real trick is much cooler than what is shown in
the article ...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message