On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Some secure protocols like SSH send encrypted keystrokes
> as they're typed. By doing timing analysis you can figure
> out which keys the user probably typed (keys that are
> physically close together on a keyboard can be typed
> faster). A careful analysis can reveal the length of
> passwords and probably some of the password itself.
>
> The paper:
>
> http://portal.acm.org/citation.cfm?id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&CFTOKEN=28290455

The paper itself is not accessible. Prima facie, this looked like a technology-in-search-of-a-problem kinda thing to me. For now, it sounds like bull. However, there are at least 10 references to keystroke timing/characteristics. That this 'weakness' holds water is a judgement call. Of course, one can make any kind of conclusion only after studying the paper/references.

Hari