Alfred Perlstein wrote:
| * Greg Black <[EMAIL PROTECTED]> [010822 19:46] wrote:
| > Matt Dillon wrote:
| > | This gets an 'A' on my cool-o-meter.
| > |
| > | http://www.vnunet.com/News/1124839
| >
| > The real research might be interesting, but the information in
| > the article seems to be wrong. It says:
| >
| > Each keystroke from a user is immediately sent to the target
| > machine as a separate IP packet. By performing a statistical
| > study on a user's typing patterns, and applying a key
| > sequence prediction algorithm, the researchers managed to
| > successfully predict key sequences from inter-keystroke
| > timings.
| >
| > While this is true for events that occur while you are typing at
| > something like an xterm, it's not true while you type in a
| > password. In that case the ssh client at your end collects the
| > entire password, encrypts it, and transmits the whole thing when
| > you hit <Enter>.
| >
| > How are they going to determine inter-keystroke timings from
| > that? Maybe the real trick is much cooler than what is shown in
| > the article ...
|
| No, the idea is that one may have ssh'd into a remote host that's
| trusted, and there the user is typing a password to access something
| from the trusted host.
|
| One could do the statistical analysis then.

Ah, I see. That's something that's on my list of things not to
do, so I didn't consider it. My rule is never to type passwords
once I'm logged into a host; and even if I have to type another
ssh password to jump to another host that needs a password, my
method is to type the password locally on the physical trusted
machine I'm using and then cut and paste it into the application
that's waiting for it.
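
The difference between typing a password inside a remote session and pasting it, as discussed in this thread, shown as an added example that is not part of the original messages. The packet timestamps and sizes are constructed, and the 5 ms burst threshold and the function names are assumptions made for illustration.

```python
from statistics import mean

# Constructed client-to-server packet records: (seconds since start, payload bytes).
# TYPED: an 8-character password plus Enter typed inside an interactive session,
# where each keystroke leaves the client as its own packet.
TYPED = [(0.000, 48), (0.182, 48), (0.291, 48), (0.534, 48), (0.640, 48),
         (0.871, 48), (0.962, 48), (1.210, 48), (1.405, 48)]
# PASTED: the same password pasted into the terminal, delivered in one write.
PASTED = [(0.000, 64)]
# SPLIT_PASTE: a longer paste that happened to be split across two packets.
SPLIT_PASTE = [(0.000, 1400), (0.001, 200)]


def observable_intervals(packets, burst_gap=0.005):
    """Return the inter-packet gaps a passive observer on the path can measure.

    Gaps shorter than burst_gap seconds are treated as one write (a paste or
    a buffered line) because they carry no typing rhythm.
    """
    times = sorted(t for t, _ in packets)
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return [round(g, 3) for g in gaps if g >= burst_gap]


def exposure(packets):
    """Summarise how much keystroke timing a packet sequence exposes."""
    gaps = observable_intervals(packets)
    return {
        "intervals": len(gaps),
        "mean_gap": round(mean(gaps), 3) if gaps else None,
    }


if __name__ == "__main__":
    for name, capture in (("typed", TYPED), ("pasted", PASTED),
                          ("split paste", SPLIT_PASTE)):
        print(f"{name:12s} {exposure(capture)}")
```

Encryption hides the payload of each packet but not its arrival time, so the typed case exposes one interval per keystroke pair while the pasted case exposes none.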