Re: 2.4.22-pre7: are security issues solved?

From: David Wagner (
Date: Wed Jul 23 2003 - 12:50:14 EST

Ville Herva wrote:
>Further, if you monitor the /proc/tty/driver/serial character counts with
>small enough resolution, I guess you could learn the delays between
>individual key presses when the user enters his password. This can be used
>to further aid the brute force attack (delays between different key pairs
>have different average delays statistically, just as different characters
>have different frequencies in a given language. I think there is a paper on
>this, and someone suggested an attack like this for snooping ssh

Yes. The paper describing the attack on SSH is here:
  Dawn Xiaodong Song, David Wagner, and Xuqing Tian,
  "Timing Analysis of Keystrokes and Timing Attacks on SSH",
  10th USENIX Security Symposium, 2001.
A nice summary can be found here:
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jul 23 2003 - 22:00:49 EST