Article:  |
Time and Tide Wait for No Protocol | |
| Subject: | easy maybe | |
| Date: | 2002-02-10 08:42:02 | |
| From: | res | |
|
Response to: easy maybe
|
||
|
Read the article again -- I'm afraid you completely missed the point. SSH already does this; the timing attack is entirely unrelated. |
||
Showing messages 1 through 1 of 1.
-
easy maybe
2003-04-05 13:58:50 anonymous2 [View]
When a user authenticates to some system or service while using an SSH connection (not authentication of the SSH connection itself), SSH could be patched to spot that a password is being typed and rather than send each character at a time (suseptable to the timeing attack), it should gather them and send then in a single packet, just like it does already for it's own connections.
It's a good idea but I suspect a little difficult to achive because it would be quite hard for SSH to spot the very different password mechanisums of the many and various systems and services in use in the real world.