Re: 2.4.22-pre7: are security issues solved?

From: Ville Herva (vherva@niksula.hut.fi)
Date: Wed Jul 23 2003 - 06:57:43 EST


On Wed, Jul 23, 2003 at 03:35:05AM -0700, you [David S. Miller] wrote:
> On Wed, 23 Jul 2003 19:56:47 +1000
> Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> > Aschwin Marsman <a.marsman@aynik.com> wrote:
> > >
> > >> CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts
> > >> for serial links. This could be used by a local attacker to infer password
> > >> lengths and inter-keystroke timings during password entry.
> >
> > What's the problem with exposing those counters?
>
> If I know your password is 7 characters I have a smaller
> space of passwords to search to just brute-force it.

Further, if you monitor the /proc/tty/driver/serial character counts with
small enough resolution, I guess you could learn the delays between
individual key presses when the user enters his password. This can be used
to further aid the brute force attack (delays between different key pairs
have different average delays statistically, just as different characters
have different frequencies in a given language. I think there is a paper on
this, and someone suggested an attack like this for snooping ssh
passwords.)

-- v --

v@iki.fi
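
Added example, not part of the original message or of any kernel code: a defender-side check of whether the file named in CAN-2003-0461 is readable by non-owners and carries per-port tx/rx character counters. The sample file contents, the function names and the result keys are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Per-port character counters as they appear in the file, e.g. "tx:1523 rx:88".
COUNTER_RE = re.compile(r"\b(?:tx|rx):\d+")

# Constructed sample contents (not captured from a real host).
SAMPLE = (
    "serinfo:1.0 driver revision:\n"
    "0: uart:16550A port:000003F8 irq:4 tx:1523 rx:88\n"
    "1: uart:unknown port:000002F8 irq:3\n"
)

def audit_serial_proc(path="/proc/tty/driver/serial"):
    """Report whether `path` exposes serial character counts to non-owners."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except (FileNotFoundError, PermissionError):
        # Missing, or a parent directory is not traversable by this user.
        return {"reachable": False, "mode": None, "counter_lines": 0, "exposed": False}
    others_can_read = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    try:
        with open(path, errors="replace") as fh:
            counter_lines = sum(1 for line in fh if COUNTER_RE.search(line))
    except PermissionError:
        counter_lines = None  # unreadable to us; fall back to the mode bits alone
    return {
        "reachable": True,
        "mode": oct(mode),
        "counter_lines": counter_lines,
        # "Could not read" still counts as exposed when the mode admits others.
        "exposed": others_can_read and counter_lines != 0,
    }

def write_sample(mode):
    """Hypothetical helper: write SAMPLE to a temp file with the given mode."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(audit_serial_proc())
```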


