Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
  • From: Douglas Trainor <trainor@xxxxxxx>
  • Date: Wed, 09 Jan 2002 15:55:58 -0600
  • Message-id: <3C3CBC6E.2A68F0AC@xxxxxxx>
You might browse this paper:

"Timing Analysis of Keystrokes and Timing Attacks on SSH"
by Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
10th USENIX Security Symposium, 2001. They're from UCB
and they're smart.



Matt Hubbard wrote:

> List,
> If I su to root after logging in via ssh then I am still transmitting my
> root password (although it is encrypted). From a security standpoint,
> what's the difference in exposure?
> Matt Hubbard
> PS - Thanks for the great feedback!
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >