March 28, 2001

Security update to OpenSSH

Author: JT Smith

Posted at "Solar Designer demonstrated that it is possible to do a passive
analysis on an ssh encrypted connection and obtain important
information about that connection. In particular, it is possible to
obtain the number of characters of a password (which can be the login
password itself or even passwords entered during interactive commands
such as "su"), type of authentication that was used (password or
publickey) and the numbers of characters typed in a shell.
This analysis can, for example, give valuable information that will
reduce the universe of passwords that have to be tried in a
brute-force attack."


  • Linux
Click Here!