Re: You say you are?

From: Eugen Leitl (eugen@leitl.org)
Date: Fri Sep 13 2002 - 02:54:14 MDT

• Next message: Hubert Mania: "Re: JOHN PERRY 9/11/02"
• Previous message: Samantha Atkins: "Re: META: Proposed Inclusion statement for ExI"
• In reply to: Ross A. Finlayson: "You say you are?"
• Next in thread: Mike Lorrey: "Re: You say you are?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, 13 Sep 2002, Ross A. Finlayson wrote:

> The other day I was thinking about the discussion about the keyboard
> sampling to get "random" numbers. Those numbers or statistics aren't
> particularly random. In fact, they're almost completely signature, for
> a large enough sample of keyboard or mouse activity two different
> persons' entry would reveal which person it was.

As SSH doesn't do traffic whitening there's a simple typing timing model
which allows you to "break" the system in realtime, without even touching
the cypher. It's all in the timing.

• Next message: Hubert Mania: "Re: JOHN PERRY 9/11/02"
• Previous message: Samantha Atkins: "Re: META: Proposed Inclusion statement for ExI"
• In reply to: Ross A. Finlayson: "You say you are?"
• Next in thread: Mike Lorrey: "Re: You say you are?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:17:00 MST