On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote:
| On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote:
| > Hi,
| >
| > Some secure protocols like SSH send encrypted keystrokes
| > as they're typed. By doing timing analysis you can figure
| > out which keys the user probably typed (keys that are
| > physically close together on a keyboard can be typed
| > faster). A careful analysis can reveal the length of
| > passwords and probably some of password itself.
| >
| > The paper:
| >
| > http://portal.acm.org/citation.cfm?
| > id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C
| > FTOKEN=28290455
|
| The paper itself is not accessible. Prima facie, this looked like a
| technology-in-search-of-a-problem kinda thing to me. For now, it
| sounds like bull.
Sure the paper is accessible. Just google for "Timing Analysis of
Keystrokes and Timing Attacks on SSH". First hit is the PDF of the
article which is well written and explains the problem in great
detail.
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
