Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S270206AbTGWLni (ORCPT ); Wed, 23 Jul 2003 07:43:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S270210AbTGWLnh (ORCPT ); Wed, 23 Jul 2003 07:43:37 -0400 Received: from twilight.cs.hut.fi ([130.233.40.5]:64956 "EHLO twilight.cs.hut.fi") by vger.kernel.org with ESMTP id S270206AbTGWLnD (ORCPT ); Wed, 23 Jul 2003 07:43:03 -0400 Date: Wed, 23 Jul 2003 14:57:43 +0300 From: Ville Herva To: "David S. Miller" Cc: Herbert Xu , a.marsman@aYniK.com, alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org Subject: Re: 2.4.22-pre7: are security issues solved? Message-ID: <20030723115742.GK150921@niksula.cs.hut.fi> Mail-Followup-To: Ville Herva , "David S. Miller" , Herbert Xu , a.marsman@aYniK.com, alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org References: <20030723033505.145db6b8.davem@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030723033505.145db6b8.davem@redhat.com> User-Agent: Mutt/1.4i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1404 Lines: 33 On Wed, Jul 23, 2003 at 03:35:05AM -0700, you [David S. Miller] wrote: > On Wed, 23 Jul 2003 19:56:47 +1000 > Herbert Xu wrote: > > > Aschwin Marsman wrote: > > > > > >> CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts > > >> for serial links. This could be used by a local attacker to infer password > > >> lengths and inter-keystroke timings during password entry. > > > > What's the problem with exposing those counters? > > If I know your password is 7 characters I have a smaller > space of passwords to search to just brute-force it. Further, if you monitor the /proc/tty/driver/serial character counts with small enough resolution, I guess you could learn the delays between individual key presses when the user enters his password. This can be used to further aid the brute force attack (delays between different key pairs have different average delays statistically, just as different characters have different frequencies in a given language. I think there is a paper on this, and someone suggested an attack like this for snooping ssh passwords.) -- v -- v@iki.fi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/