On Wed, Jun 29, 2005 at 03:10:35PM -0400, Justin Pryzby wrote: > I suggest tagging this moreinfo,unreproducible, and downgrading when > and if that is necessary for new packages to move to testing (which > should be deliberately prevented until #314289 is fixed).
Please leave this bug in its current state. I'm sorry it's taken me so long to get round to investigating it, but from experience I have reason to suspect that it may well be valid and it certainly bears non-statistical investigation. Greg, I need to see your /etc/ssh/sshd_config in order to check this out. I would ask that the discussion about statistical analysis of login attempts please be taken to some different forum; while interesting, it merely means that I have much more information to trawl through when bringing myself up to speed on the bug, most of which is not really relevant to whether or not a timing attack on sshd is possible. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
