Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 21:36:33 -0900
  • Message-id: <200201100636.g0A6aYb20994@xxxxxxxxxxxxxx>
On Wednesday 09 January 2002 12:55 pm, Douglas Trainor wrote:
> You might browse this paper:
>
> "Timing Analysis of Keystrokes and Timing Attacks on SSH"
> by Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
> 10th USENIX Security Symposium, 2001. They're from UCB
> and they're smart.

Having read the paper, I'm not impressed.
Its a weak tool to begin with and totally defeated by
a reasonablly long password an an occasional typing cadence
change or a key caching agent .

--
_________________________________
John Andersen / Juneau Alaska

< Previous Next >