From owner-freebsd-hackers  Sat Aug 25 22:33: 5 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
	by hub.freebsd.org (Postfix) with ESMTP id A7FF037B405
	for <freebsd-hackers@freebsd.org>; Sat, 25 Aug 2001 22:32:59 -0700 (PDT)
	(envelope-from ben@FreeBSD.org)
Received: from strontium.shef.vinosystems.com ([192.168.91.36] ident=root)
	by scientia.demon.co.uk with esmtp (Exim 3.30 #1)
	id 15asXZ-0006Bu-00; Sun, 26 Aug 2001 06:32:57 +0100
Received: (from ben@localhost)
	by strontium.shef.vinosystems.com (8.11.4/8.11.4) id f7Q5Wvw75346;
	Sun, 26 Aug 2001 06:32:57 +0100 (BST)
	(envelope-from ben@FreeBSD.org)
X-Authentication-Warning: strontium.shef.vinosystems.com: ben set sender to ben@FreeBSD.org using -f
Date: Sun, 26 Aug 2001 06:32:56 +0100
From: Ben Smithurst <ben@FreeBSD.org>
To: James Snow <snow@teardrop.org>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: ssh password cracker - now this *is* cool!
Message-ID: <20010826063256.Y33784@strontium.shef.vinosystems.com>
References: <200108222330.f7MNUUj80882@earth.backplane.com> <20010822183807.T81307@elvis.mu.org> <200108222347.f7MNlF781161@earth.backplane.com> <20010825223907.A44732@foobar.franken.de> <20010826012922.B79353@teardrop.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="qUsYCxAE223BCwdt"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010826012922.B79353@teardrop.org>
X-PGP-Key: http://www.smithurst.org/ben/pgp-key.txt
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


--qUsYCxAE223BCwdt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

James Snow wrote:

> I'm just looking at packet dumps, not source, but it looks to me like
> OpenSSH sends passwords all in one shot, not character by character.

The issue I believe is passwords you type after logging in (e.g.
changing your password or logging into another machine), not the
password you actually use to log in...

--=20
Ben Smithurst / ben@FreeBSD.org                 FreeBSD: The Power To Serve
                                                    http://www.FreeBSD.org/

--qUsYCxAE223BCwdt
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7iIoGbPzJ+yzvRCwRAj+BAKCreaGCQisuTLImwRifWQ8xF6md5QCeOD6x
AnbDBMjYmCjYkUXhXeMUt8I=
=6Vyi
-----END PGP SIGNATURE-----

--qUsYCxAE223BCwdt--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message