Bugtraq: Re: OpenSSH/PAM timing attack allows remote users identification

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: OpenSSH/PAM timing attack allows remote users identification

From: ilja van sprundel <ilja () netric org>
Date: 1 May 2003 23:59:13 -0000

In-Reply-To: <Pine.LNX.4.30L2.0304301358220.9889-200000 () dns mediaservice net>

hm, this has been known for some time, 
and stealth of teso wrote a nice paper and some 
example tools for stuff like that :
http://www.team-teso.net/releases/epta.tgz

By Date By Thread

Current thread:

Re: OpenSSH/PAM timing attack allows remote users identification Ethan Benson (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 05)
- <Possible follow-ups>
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification ilja van sprundel (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Thilo Schulz (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Michael Shigorin (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Karl-Heinz Haag (May 02)