From: Eugen Leitl (eugen@leitl.org)
Date: Fri Sep 13 2002 - 02:54:14 MDT
On Fri, 13 Sep 2002, Ross A. Finlayson wrote:
> The other day I was thinking about the discussion about the keyboard
> sampling to get "random" numbers. Those numbers or statistics aren't
> particularly random. In fact, they're almost completely signature, for
> a large enough sample of keyboard or mouse activity two different
> persons' entry would reveal which person it was.
As SSH doesn't do traffic whitening there's a simple typing timing model
which allows you to "break" the system in realtime, without even touching
the cypher. It's all in the timing.
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:17:00 MST