Date: Sat, 25 Aug 2001 22:48:13 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: 520066542279-0001@t-online.de (Harold Gutch) Cc: Matt Dillon <dillon@earth.backplane.com>, Alfred Perlstein <bright@mu.org>, freebsd-hackers@FreeBSD.ORG Subject: Re: ssh password cracker - now this *is* cool! Message-ID: <38519.998772493@critter> In-Reply-To: Your message of "Sat, 25 Aug 2001 22:39:07 %2B0200." <20010825223907.A44732@foobar.franken.de>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010825223907.A44732@foobar.franken.de>, Harold Gutch writes: >On Wed, Aug 22, 2001 at 04:47:15PM -0700, Matt Dillon wrote: >> :* Matt Dillon <dillon@earth.backplane.com> [010822 18:30] wrote: >> :> This gets an 'A' on my cool-o-meter. >> :> >> :> http://www.vnunet.com/News/1124839 >> : >> :Interesting, I guess one could work around it by periodically >> :sending bogus empty packets in the middle of activity. >> >> Yah, and typing backspaces also ought to work. 12345bb45bb45678b8<return> > > >Dug Song and Solar Designer held a talk on this topic at HAL 2001, >where they stated that backspaces could be detected, as a >backspace actually translated to <Cursorleft><Space><Cursorleft> >thus sending 3 characters at a time instead of only 1. That's pretty BS because passwords are not echoed... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38519.998772493>