Slashdot Mirror


SSH Vulnerability and the Future of SSL

iamchris writes "Growing complacent in regard to security is dangerous. I've become more and more dependent on the SSL-type tools for my security... ssh itself, ssl for my web content, scp, sftp, etc... We all know nothing is 100% secure (or if you don't, God help you). An article on Security Focus cites a vulnerability with SSH and passwords. We usually type them in letter-by-letter. A lot of information can be gleaned from the timing of the keystrokes and some (relatively simple) packet decoding. Is there a better alternative to SSL-based tools (perhaps TLS)? Is there anything that can be done with the client's help with the small packet issue?"

5 of 290 comments

  1. Right... by Anonymous Coward · Score: 3, Funny

    and even more information can be gleaned from looking over someone's back when they type. Let's be serious, guys. ;-)

  2. I have to agree by Ron Harwood · Score: 3, Funny

    The timing of keyboard strokes??? Holy crap - I've just got better things to be worrying about...

    Then again, perhaps my typo rate (and requisite back spaces) have helped me all this time.

  3. How to foil this method of password detection by ratguy · Score: 2, Funny

    I think the best way to avoid this sort of password cracking is to somehow impair your motor skills.

    This is why I always type drunk.

    Ratguy

    1. Re:How to foil this method of password detection by Phroggy · Score: 2, Funny

      This is why I always type drunk.

      On the downside, you tend to type "rm" when you mean "mv" and "mke2fs" when you mean "e2fsck", but that's a small price to pay for security!

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  4. Typing by Swaffs · Score: 3, Funny

    "We usually type them in letter-by-letter."

    I usually just mash the keyboard with my fist in one shot. Sure, it takes a little longer than normal typing to get the right password, but no one's going to be guessing MY password.

    --
    "Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]