On Tue, 15 Jul 2003 14:52:45 -0700, Aaron Suen wrote:

> One rather odd scenario I concocted was the possibility of an attacker sniffing
> at a point VERY close (i.e. same LAN switch) as somebody using an SSH client.
> Since it's SSH, he can't listen in verbatim, but many SSH clients disable
> Nagle, and, combined with the listener's proximity on the network, the listener
> can time the delay between keystrokes to within 1ms or less.
This has already been done, and works extremely well. See:

http://www.kb.cert.org/vuls/id/596827

I'm not aware of a current ssh implementation which does not have a fix for this; it should no longer be possible to tell what's a password and what isn't. See the references.

-- 
Kyle R. Hofmann <[EMAIL PROTECTED]>
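The countermeasure the reply refers to (the client stops emitting one packet per keystroke and instead sends on a fixed clock, padding empty slots with ignore packets the server discards) is easy to see in a small simulation. This is an added illustration, not code from either poster or from any SSH implementation; the tick period, chaff count and keystroke timestamps are constructed values.

```python
"""Simulated keystroke-timing countermeasure for an interactive channel.

Without it, a sniffer on the same LAN segment sees one packet per keystroke
and can read the inter-keystroke gaps straight off the wire. With it, packets
leave on a fixed clock, so the gaps carry no information about typing.
All timings below are constructed for the demo.
"""
from dataclasses import dataclass

TICK_MS = 20  # assumed transmit clock period (constructed value)


@dataclass(frozen=True)
class Packet:
    send_ms: int   # time the packet hits the wire
    kind: str      # "data" (carries a keystroke) or "ignore" (chaff)


def naive_schedule(keystroke_ms):
    """No countermeasure: each keystroke is sent the instant it is typed."""
    return [Packet(t, "data") for t in sorted(keystroke_ms)]


def clocked_schedule(keystroke_ms, tick_ms=TICK_MS, chaff_ticks=3):
    """Countermeasure: transmit only on clock ticks.

    A keystroke waits for the next tick; a tick with nothing to send carries
    an ignore packet. Chaff continues for `chaff_ticks` ticks after the last
    keystroke so the end of typing is not exposed either.
    """
    pending = sorted(keystroke_ms)
    packets, t, idle = [], 0, 0
    while pending or idle < chaff_ticks:
        t += tick_ms
        if pending and pending[0] <= t:
            pending.pop(0)
            packets.append(Packet(t, "data"))
            idle = 0
        else:
            packets.append(Packet(t, "ignore"))
            idle += 1
    return packets


def wire_intervals(packets):
    """What a nearby sniffer can measure: gaps between consecutive packets.
    Ignore packets are encrypted like any other, so `kind` is not observable."""
    times = [p.send_ms for p in packets]
    return [b - a for a, b in zip(times, times[1:])]
```

With constructed keystrokes at 5, 130, 145 and 400 ms, the naive schedule leaks the gaps 125, 15 and 255 ms, while the clocked schedule shows a sniffer nothing but a steady 20 ms cadence.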
