Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] remote admin: su vs login as root
  • From: Douglas Trainor <trainor@xxxxxxx>
  • Date: Wed, 09 Jan 2002 15:55:58 -0600
  • Message-id: <3C3CBC6E.2A68F0AC@xxxxxxx>
You might browse this paper:

"Timing Analysis of Keystrokes and Timing Attacks on SSH"
by Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
10th USENIX Security Symposium, 2001. They're from UCB
and they're smart.

PostScript: http://www.cs.berkeley.edu/~daw/papers/ssh-use01.ps

PDF: http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf

Matt Hubbard wrote:

> List,
>
> If I su to root after logging in via ssh then I am still transmitting my
> root password (although it is encrypted). From a security standpoint,
> what's the difference in exposure?
>
> Matt Hubbard
>
> PS - Thanks for the great feedback!
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx


< Previous Next >
References