SSH Vulnerability and the Future of SSL

Posted by CmdrTaco on Wednesday August 22, 2001 @07:06AM from the stuff-to-think-about dept.

iamchris writes "Growing complacent in regards to security is dangerous. I've become more and more dependant on the SSL-type tools for my security... ssh itself, ssl for my web content, scp, sftp, etc... We all know nothing is 100% secure (or if you don't, God help you). An article on Security Focus cites a vulnerability with SSH and passwords. We usually type them in letter-by-letter. A lot of information can be gleaned from the timing of the keystrokes and some (relatively simple) packet decoding. Is there a better alternative to SSL based tools (Perhaps TLS)? Is there anything that can be done with the clients help with the small packet issue?"

2 of 290 comments (clear)

Min score:

Reason:

Sort:

Self Important Geeks? by _Neurotic · 2001-08-22 08:11 · Score: 0, Flamebait

Is is just me or are geeks in general overly ridiculous about security?

A lot of information can be gleaned from the timing of the keystrokes and some (relatively simple) packet decoding.

C'mon, raise your hand if your terminal sessions are the target of a spy agency...

I mean really, who cares about your little geeky passwords to your linux boxes enough to go through all this? Not to mention the physical limitations...
Jeezus... by ryanvm · 2001-08-22 08:22 · Score: 1, Flamebait

What the hell are you people doing that's so damn important?!? People are now timing your keystrokes to figure out your passwords?

I don't think I could pay someone enough to try that hard to figure out my passwords. I must be such a loser.