From owner-freebsd-hackers  Wed Aug 22 17:49:58 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP id E1A0937B40F
	for <freebsd-hackers@freebsd.org>; Wed, 22 Aug 2001 17:49:36 -0700 (PDT)
	(envelope-from bright@elvis.mu.org)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id CD66681D06; Wed, 22 Aug 2001 19:49:26 -0500 (CDT)
Date: Wed, 22 Aug 2001 19:49:26 -0500
From: Alfred Perlstein <bright@mu.org>
To: Greg Black <gjb@gbch.net>
Cc: Matt Dillon <dillon@earth.backplane.com>,
	freebsd-hackers@freebsd.org
Subject: Re: ssh password cracker - now this *is* cool!
Message-ID: <20010822194926.U81307@elvis.mu.org>
References: <200108222330.f7MNUUj80882@earth.backplane.com> <nospam-998527507.28418@maxim.gbch.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <nospam-998527507.28418@maxim.gbch.net>; from gjb@gbch.net on Thu, Aug 23, 2001 at 10:45:07AM +1000
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

* Greg Black <gjb@gbch.net> [010822 19:46] wrote:
> Matt Dillon wrote:
> 
> |     This gets an 'A' on my cool-o-meter.
> | 
> | 	http://www.vnunet.com/News/1124839
> 
> The real research might be interesting, but the information in
> the article seems to be wrong.  It says:
> 
>     Each keystroke from a user is immediately sent to the target
>     machine as a separate IP packet. By performing a statistical
>     study on a user's typing patterns, and applying a key
>     sequence prediction algorithm, the researchers managed to
>     successfully predict key sequences from inter-keystroke
>     timings.
> 
> While this is true for events that occur while you are typing at
> something like an xterm, it's not true while you type in a
> password.  In that case the ssh client at your end collects the
> entire password, encrypts it, and transmits the whole thing when
> you hit <Enter>.
> 
> How are they going to determine inter-keystroke timings from
> that?  Maybe the real trick is much cooler than what is shown in
> the article ...

No, the idea is that one may have ssh'd into a remote host that's
trusted, and there the user is typing a password to access something
from the trusted host.

One could do the statistical analysis then.

-- 
-Alfred Perlstein [alfred@freebsd.org]
Ok, who wrote this damn function called '??'?
And why do my programs keep crashing in it?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message