On 2008-09-12, Toni Spets <[EMAIL PROTECTED]> wrote:
> Stuart Henderson wrote:
>> On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> > To all who opposed the suggestion to send one block of data
>> > when the <Enter> key is pressed: my suggestion strictly referred
>> > to the login procedure, not to the later data communication. I did
>> > not mention this because I thought it was clear from the context
>> > of the original poster who
>> > has expressively mentioned "passwords". You may want to reconsider the
>> > suggestion in this light.
>>
>> The initial password is sent as a block (of course that simple case
>> was taken care of). The problem OP mentions relates to passwords typed
>> within the session e.g. su, sudo, ssh to another host, ...
>>
>
> Wait, how do you know someone is typing a password inside the session
> and not just writing a text file or typing arbitrary commands?

e.g. when eve's machine that's hijacking the network packets picks up an outgoing SSH connection.