Researchers develop SSH cracker

[InfoSec News <isn () c4i org>]

http://www.vnunet.com/News/1124839

By James Middleton 
21-08-2001

Researchers at the University of California at Berkeley have
discovered more vulnerabilities in Secure Shell (SSH) which allow an
attacker to learn significant information about what data is being
transferred in SSH sessions, including passwords.

SSH was designed as a secure channel between two machines, based on
strong encryption and authentication. But by observing the rhythm of
keystrokes, and using advanced statistical techniques on timing
information collected, attackers can pick up significant details.

Each keystroke from a user is immediately sent to the target machine
as a separate IP packet. By performing a statistical study on a user's
typing patterns, and applying a key sequence prediction algorithm, the
researchers managed to successfully predict key sequences from
inter-keystroke timings.

A password cracker program, dubbed Herbivore, was developed on the
back of the research. Herbivore is capable of learning a user's
password by monitoring SSH sessions.

"Unfortunately, SSH is not as bullet proof as one would hope. Our
attack shows that an eavesdropper can learn sensitive information
about a user's data, such as passwords, over SSH," said Dawn Xiaodong
Song, one of the researchers.

Another vulnerability allowing remote access to SSH accounts with two
character passwords was also discovered last week.

A white paper, entitled Timing Analysis of Keystrokes and Timing
Attacks on SSH, is available here.

http://paris.cs.berkeley.edu/~dawnsong/papers/ssh-timing.pdf



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.