Author: JT Smith
Posted at LWN.net: “Solar Designer demonstrated that it is possible to do a passive
analysis on an ssh encrypted connection and obtain important
information about that connection. In particular, it is possible to
obtain the number of characters of a password (which can be the login
password itself or even passwords entered during interactive commands
such as “su”), type of authentication that was used (password or
publickey) and the numbers of characters typed in a shell.
This analysis can, for example, give valuable information that will
reduce the universe of passwords that have to be tried in a
brute-force attack.”
analysis on an ssh encrypted connection and obtain important
information about that connection. In particular, it is possible to
obtain the number of characters of a password (which can be the login
password itself or even passwords entered during interactive commands
such as “su”), type of authentication that was used (password or
publickey) and the numbers of characters typed in a shell.
This analysis can, for example, give valuable information that will
reduce the universe of passwords that have to be tried in a
brute-force attack.”
Category:
- Linux
