Just wait until you see me type!
On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote:
> On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Some secure protocols like SSH send encrypted keystrokes
> > as they're typed. By doing timing analysis you can figure
> > out which keys the user probably typed (keys that are
> > physically close together on a keyboard can be typed
> > faster). A careful analysis can reveal the length of
> > passwords and probably some of password itself.
> >
> > The paper:
> >
> > http://portal.acm.org/citation.cfm?
> > id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C
> > FTOKEN=28290455
>
> The paper itself is not accessible. Prima facie, this looked like a
> technology-in-search-of-a-problem kinda thing to me. For now, it
> sounds like bull.
> However, there are atleast 10 references to keystoke
> timing/characteristics. That this 'weakness' holds water is a
> judgement call. Of course, one can make any kind of conclusion only
> after studying the paper/references.
>
> Hari
