To: linux-kernel@vger.kernel.org
Path: not-for-mail
From: daw@mozart.cs.berkeley.edu (David Wagner)
Newsgroups: isaac.lists.linux-kernel
Subject: Re: 2.4.22-pre7: are security issues solved?
Date: Wed, 23 Jul 2003 17:50:14 +0000 (UTC)
Organization: University of California, Berkeley
Distribution: isaac
Message-ID: <bfmhsm$n1o$2@abraham.cs.berkeley.edu>
References: <Pine.LNX.4.44.0307212234390.3580-100000@localhost.localdomain> <E19fGMZ-0000Zm-00@gondolin.me.apana.org.au> <20030723033505.145db6b8.davem@redhat.com> <20030723115742.GK150921@niksula.cs.hut.fi>
NNTP-Posting-Host: mozart.cs.berkeley.edu
NNTP-Posting-Date: Wed, 23 Jul 2003 17:50:14 +0000 (UTC)
Originator: daw@mozart.cs.berkeley.edu (David Wagner)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1214
Lines: 18

Ville Herva  wrote:
>Further, if you monitor the /proc/tty/driver/serial character counts with
>small enough resolution, I guess you could learn the delays between
>individual key presses when the user enters his password. This can be used
>to further aid the brute force attack (delays between different key pairs
>have different average delays statistically, just as different characters
>have different frequencies in a given language. I think there is a paper on
>this, and someone suggested an attack like this for snooping ssh
>passwords.)

Yes.  The paper describing the attack on SSH is here:
  http://www.cs.berkeley.edu/~daw/papers/ssh-use01.ps
  http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf
  Dawn Xiaodong Song, David Wagner, and Xuqing Tian,
  "Timing Analysis of Keystrokes and Timing Attacks on SSH",
  10th USENIX Security Symposium, 2001.
A nice summary can be found here:
  http://linux.oreillynet.com/lpt/a/linux/2001/11/08/ssh_keystroke.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/