Re: Sniffing SSH and HTTPS
>>>>> "Michael" == Michael Wood <mwood@its.uct.ac.za> writes:
Michael> Ahhh, but this is quite easily guessable, since for most
Michael> stuff you type, the server echos it. For passwords, it
Michael> doesn't. i.e. just watch the SSH session, and when you see
Michael> packets going to the server that aren't being echoed you know
Michael> the person is typing a password and you can count the
Michael> characters.
Frightening that echoing *'s for the password could actually have
security *advantages*.
-Eric
Reply to: