| |||||||||||||
One more reason...One more reason...Posted Sep 18, 2008 8:02 UTC (Thu) by alex (subscriber, #1355)Parent article: OpenSSH and keystroke timings
...to be using key-based logins
(Log in to post comments)
One more reason... Posted Sep 18, 2008 18:21 UTC (Thu) by djm (subscriber, #11651) [Link]
That's not the problem. Passwords typed during authentication are already quite secure - they are not sent keystroke by keystroke, rather in their entirety and padded up to the nearest 2^n in length (to hide their real length).
The problem is keystrokes typed once the session is up, e.g. your password after running "sudo". We already have measures in place to make it difficult for an eavesdropper to know when you are typing such a password, but they could still perform traffic analysis on the entire session.
|
|||||||||||||