Slashdot Mirror


SSH Vulnerability and the Future of SSL

iamchris writes "Growing complacent in regards to security is dangerous. I've become more and more dependent on the SSL-type tools for my security... ssh itself, ssl for my web content, scp, sftp, etc... We all know nothing is 100% secure (or if you don't, God help you). An article on Security Focus cites a vulnerability with SSH and passwords. We usually type them in letter-by-letter. A lot of information can be gleaned from the timing of the keystrokes and some (relatively simple) packet decoding. Is there a better alternative to SSL-based tools (Perhaps TLS)? Is there anything that can be done with the client's help with the small packet issue?"

3 of 290 comments

  1. Right... by Anonymous Coward · Score: 3, Funny

    and even more information can be gleaned from looking over someone's back when they type. Let's be serious, guys. ;-)

  2. I have to agree by Ron Harwood · Score: 3, Funny

    The timing of keyboard strokes??? Holy crap - I've just got better things to be worrying about...

    Then again, perhaps my typo rate (and requisite backspaces) has helped me all this time.

  3. Typing by Swaffs · Score: 3, Funny

    "We usually type them in letter-by-letter."

    I usually just mash the keyboard with my fist in one shot. Sure, it takes a little longer than normal typing to get the right password, but no one's going to be guessing MY password.

    --
    "Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]