From owner-freebsd-hackers  Sat Aug 25 13:48:54 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by hub.freebsd.org (Postfix) with ESMTP id 4A51937B40C
	for <freebsd-hackers@FreeBSD.ORG>; Sat, 25 Aug 2001 13:48:50 -0700 (PDT)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.4/8.11.4) with ESMTP id f7PKmDT38521;
	Sat, 25 Aug 2001 22:48:17 +0200 (CEST)
	(envelope-from phk@critter.freebsd.dk)
To: 520066542279-0001@t-online.de (Harold Gutch)
Cc: Matt Dillon <dillon@earth.backplane.com>,
	Alfred Perlstein <bright@mu.org>, freebsd-hackers@FreeBSD.ORG
Subject: Re: ssh password cracker - now this *is* cool! 
In-Reply-To: Your message of "Sat, 25 Aug 2001 22:39:07 +0200."
             <20010825223907.A44732@foobar.franken.de> 
Date: Sat, 25 Aug 2001 22:48:13 +0200
Message-ID: <38519.998772493@critter>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

In message <20010825223907.A44732@foobar.franken.de>, Harold Gutch writes:
>On Wed, Aug 22, 2001 at 04:47:15PM -0700, Matt Dillon wrote:
>> :* Matt Dillon <dillon@earth.backplane.com> [010822 18:30] wrote:
>> :>     This gets an 'A' on my cool-o-meter.
>> :> 
>> :> 	http://www.vnunet.com/News/1124839
>> :
>> :Interesting, I guess one could work around it by periodically
>> :sending bogus empty packets in the middle of activity.
>> 
>>     Yah, and typing backspaces also ought to work.  12345bb45bb45678b8<return>
>
>
>Dug Song and Solar Designer held a talk on this topic at HAL 2001,
>where they stated that backspaces could be detected, as a
>backspace actually translated to <Cursorleft><Space><Cursorleft>
>thus sending 3 characters at a time instead of only 1.

That's pretty BS because passwords are not echoed...

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message