From owner-freebsd-hackers Wed Aug 22 18: 5: 2 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from maxim.gbch.net (gw.gbch.net [203.24.22.66]) by hub.freebsd.org (Postfix) with SMTP id C5DA737B420 for ; Wed, 22 Aug 2001 18:04:34 -0700 (PDT) (envelope-from gjb@gbch.net) Received: (qmail 30702 invoked by uid 1001); 23 Aug 2001 11:04:28 +1000 Message-ID: X-Posted-By: GJB-Post 2.21 16-Jun-2001 X-Operating-System: FreeBSD 4.2-RELEASE i386 X-Location: Brisbane, Australia; 27.49841S 152.98439E X-URL: http://www.gbch.net/gjb.html X-Image-URL: http://www.gbch.net/gjb/gjb-auug048.gif X-GPG-Fingerprint: EBB2 2A92 A79D 1533 AC00 3C46 5D83 B6FB 4B04 B7D6 X-PGP-Public-Keys: http://www.gbch.net/keys.html Date: Thu, 23 Aug 2001 11:04:28 +1000 From: Greg Black To: Alfred Perlstein Cc: Matt Dillon , freebsd-hackers@freebsd.org Subject: Re: ssh password cracker - now this *is* cool! References: <200108222330.f7MNUUj80882@earth.backplane.com> <20010822194926.U81307@elvis.mu.org> In-reply-to: <20010822194926.U81307@elvis.mu.org> of Wed, 22 Aug 2001 19:49:26 EST Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Alfred Perlstein wrote: | * Greg Black [010822 19:46] wrote: | > Matt Dillon wrote: | > | This gets an 'A' on my cool-o-meter. | > | | > | http://www.vnunet.com/News/1124839 | > | > The real research might be interesting, but the information in | > the article seems to be wrong. It says: | > | > Each keystroke from a user is immediately sent to the target | > machine as a separate IP packet. By performing a statistical | > study on a user's typing patterns, and applying a key | > sequence prediction algorithm, the researchers managed to | > successfully predict key sequences from inter-keystroke | > timings. | > | > While this is true for events that occur while you are typing at | > something like an xterm, it's not true while you type in a | > password. In that case the ssh client at your end collects the | > entire password, encrypts it, and transmits the whole thing when | > you hit . | > | > How are they going to determine inter-keystroke timings from | > that? Maybe the real trick is much cooler than what is shown in | > the article ... | | No, the idea is that one may have ssh'd into a remote host that's | trusted, and there the user is typing a password to access something | from the trusted host. | | One could do the statistical analysis then. Ah, I see. That's something that's on my list of things not to do, so I didn't consider it. My rule is never to type passwords once I'm logged into a host; and even if I have to type another ssh password to jump to another host that needs a password, my method is to type the password locally on the physical trusted machine I'm using and then cut and paste it into the application that's waiting for it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message