On Thursday 11 September 2008 02:28:58 Damien Miller wrote: > On Wed, 10 Sep 2008, STeve Andre' wrote: > > On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote: > > > Hi, > > > > > > Some secure protocols like SSH send encrypted keystrokes > > > as they're typed. By doing timing analysis you can figure > > > out which keys the user probably typed (keys that are > > > physically close together on a keyboard can be typed > > > faster). A careful analysis can reveal the length of > > > passwords and probably some of password itself. > > > > This is nearly complete bullshit. For any individual, learning > > their characteristics could give rise to being able to know a > > great deal about what they are doing, but hardly for the > > general case. > > These two sentences contradict one another.
As a general method of attack, this won't work well. As a specific attack on someone whose characteristics are known, timing data will be more useful. --STeve Andre'
