"Researchers at the University of California at
Berkeley have discovered more vulnerabilities in Secure Shell (SSH)
which allow an attacker to learn significant information about what
data is being transferred in SSH sessions, including passwords.
SSH was designed as a secure channel between two machines, based
on strong encryption and authentication. But by observing the
rhythm of keystrokes, and using advanced statistical techniques on
timing information collected, attackers can pick up significant
details.
Each keystroke from a user is immediately sent to the target
machine as a separate IP packet. By performing a statistical study
on a user's typing patterns, and applying a key sequence prediction
algorithm, the researchers managed to successfully predict key
sequences from inter-keystroke timings."