Re: Sniffing SSH and HTTPS

To: Michael Wood <mwood@its.uct.ac.za>
Cc: debian-security@lists.debian.org
Subject: Re: Sniffing SSH and HTTPS
From: Eric E Moore <e.e.moore@shef.ac.uk>
Date: Wed, 29 Aug 2001 13:40:20 +0100
Message-id: <[🔎] 87g0abxcnf.fsf@dyn006239.shef.ac.uk>
In-reply-to: <[🔎] 20010829093139.C30181@len.its.uct.ac.za> (Michael Wood's message of "Wed, 29 Aug 2001 09:31:39 +0200")
References: <[🔎] Pine.LNX.4.21.0108282022360.27979-100000@gatekeeper.jane.org> <[🔎] 871ylvivpo.fsf@hackerhue.ddts.net> <[🔎] 20010829093139.C30181@len.its.uct.ac.za>

>>>>> "Michael" == Michael Wood <mwood@its.uct.ac.za> writes:

Michael> Ahhh, but this is quite easily guessable, since for most
Michael> stuff you type, the server echos it.  For passwords, it
Michael> doesn't.  i.e.  just watch the SSH session, and when you see
Michael> packets going to the server that aren't being echoed you know
Michael> the person is typing a password and you can count the
Michael> characters.

Frightening that echoing *'s for the password could actually have
security *advantages*.

  -Eric

Reply to:

Follow-Ups:
- Re: Sniffing SSH and HTTPS
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Re: Sniffing SSH and HTTPS
  - From: Richard <ricv@denhaag.org>
- Re: Sniffing SSH and HTTPS
  - From: Hubert Chan <hackerhue@geek.com>
- Re: Sniffing SSH and HTTPS
  - From: Michael Wood <mwood@its.uct.ac.za>

Prev by Date: Re: Sniffing SSH and HTTPS
Next by Date: Re: Sniffing SSH and HTTPS
Previous by thread: Re: Sniffing SSH and HTTPS
Next by thread: Re: Sniffing SSH and HTTPS
Index(es):
- Date
- Thread