Bugtraq mailing list archives

Re: OpenSSH/PAM timing attack allows remote users identification

From: ilja van sprundel <ilja () netric org>
Date: 1 May 2003 23:59:13 -0000

In-Reply-To: <Pine.LNX.4.30L2.0304301358220.9889-200000 () dns mediaservice net>

hm, this has been known for some time, 
and stealth of teso wrote a nice paper and some 
example tools for stuff like that :
http://www.team-teso.net/releases/epta.tgz

Current thread:

Re: OpenSSH/PAM timing attack allows remote users identification Ethan Benson (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 05)
- <Possible follow-ups>
- Re: OpenSSH/PAM timing attack allows remote users identification Nicolas Couture (May 01)
- Re: OpenSSH/PAM timing attack allows remote users identification ilja van sprundel (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Thilo Schulz (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Michael Shigorin (May 02)
  - Re: OpenSSH/PAM timing attack allows remote users identification Marco Ivaldi (May 02)
- Re: OpenSSH/PAM timing attack allows remote users identification Karl-Heinz Haag (May 02)