August 17, 2001

New SSH attack weakens passwords

Author: JT Smith "A team of researchers from the University of California at Berkeley revealed two
weaknesses in Secure Shell (SSH) implementations Friday that allow an eavesdropper to learn the
exact length of a user's password by observing the rhythm of their keystrokes.

By using advanced statistical techniques on timing information collected over the network,
researchers also found that the eavesdropper can learn significant information about what users
type in SSH sessions."


  • Linux
Click Here!