Re: ssh password cracker - now this *is* cool!

[Greg Black]

Matt Dillon wrote:

|     This gets an 'A' on my cool-o-meter.
| 
|       http://www.vnunet.com/News/1124839

The real research might be interesting, but the information in
the article seems to be wrong.  It says:

    Each keystroke from a user is immediately sent to the target
    machine as a separate IP packet. By performing a statistical
    study on a user's typing patterns, and applying a key
    sequence prediction algorithm, the researchers managed to
    successfully predict key sequences from inter-keystroke
    timings.

While this is true for events that occur while you are typing at
something like an xterm, it's not true while you type in a
password.  In that case the ssh client at your end collects the
entire password, encrypts it, and transmits the whole thing when
you hit <Enter>.

How are they going to determine inter-keystroke timings from
that?  Maybe the real trick is much cooler than what is shown in
the article ...

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message