Linux Today: Linux News On Internet Time.

VNU Net: Researchers develop SSH cracker

Aug 23, 2001, 08:01 (11 Talkback[s])
(Other stories by James Middleton)
"Researchers at the University of California at Berkeley have discovered more vulnerabilities in Secure Shell (SSH) which allow an attacker to learn significant information about what data is being transferred in SSH sessions, including passwords.

SSH was designed as a secure channel between two machines, based on strong encryption and authentication. But by observing the rhythm of keystrokes, and using advanced statistical techniques on timing information collected, attackers can pick up significant details.

Each keystroke from a user is immediately sent to the target machine as a separate IP packet. By performing a statistical study on a user's typing patterns, and applying a key sequence prediction algorithm, the researchers managed to successfully predict key sequences from inter-keystroke timings."

Complete Story

Related Stories: