Time and Tide Wait for No Protocol
Subject:   easy maybe
Date:   2003-04-05 13:58:50
From:   anonymous2
Response to: easy maybe

Actually res, I think you have missed the point being made by xinwenfu.

When a user authenticates to some system or service while using an SSH connection (not authentication of the SSH connection itself), SSH could be patched to spot that a password is being typed and, rather than send each character one at a time (susceptible to the timing attack), it should gather them and send them in a single packet, just like it does already for its own connections.

It's a good idea but I suspect a little difficult to achieve because it would be quite hard for SSH to spot the very different password mechanisms of the many and various systems and services in use in the real world.
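
The buffering idea discussed in this comment, as an added Python simulation that is not part of the original post and not SSH code: it compares what a passive observer sees (packet send times and sizes) when keystrokes go out one per packet versus held until Enter and sent as one padded packet. The function names, `PAD_BLOCK` and the sample timings are constructed assumptions, and the sketch assumes the client already knows a password is being typed, which is the hard part the comment points out.

```python
from typing import List, Tuple

Keystroke = Tuple[float, str]   # (time typed in seconds, character)
Packet = Tuple[float, int]      # (time sent, payload length): all an observer sees

PAD_BLOCK = 32  # assumed padding granularity, chosen for illustration only


def send_per_key(keys: List[Keystroke]) -> List[Packet]:
    """One packet per keystroke: send times mirror the typing rhythm."""
    return [(t, 1) for t, _ in keys]


def send_buffered(keys: List[Keystroke]) -> List[Packet]:
    """Hold characters until Enter, then emit one padded packet per line.

    Input not yet terminated by Enter stays buffered and is not sent.
    """
    packets, pending = [], 0
    for t, ch in keys:
        pending += 1
        if ch == "\n":
            # Round the length up to a PAD_BLOCK multiple to hide it too.
            padded = -(-pending // PAD_BLOCK) * PAD_BLOCK
            packets.append((t, padded))
            pending = 0
    return packets


def observed_gaps(packets: List[Packet]) -> List[float]:
    """Inter-packet delays, the signal a timing analysis relies on."""
    times = [t for t, _ in packets]
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


# Constructed sample: six characters plus Enter, typed with an uneven rhythm.
SAMPLE: List[Keystroke] = [
    (0.00, "s"), (0.12, "3"), (0.41, "c"), (0.48, "r"),
    (0.95, "3"), (1.03, "t"), (1.30, "\n"),
]

if __name__ == "__main__":
    for name, fn in (("per-key", send_per_key), ("buffered", send_buffered)):
        pkts = fn(SAMPLE)
        print(f"{name:9s} packets={len(pkts)} sizes={[s for _, s in pkts]} "
              f"gaps={observed_gaps(pkts)}")
```

In the per-key case the observer recovers both the character count and every inter-keystroke delay; in the buffered case only one fixed-size packet and the time Enter was pressed remain visible.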