Comment by Zamicol

2 years ago

Here's a 2008 article about a 2001(!) paper noting such timing attacks: https://lwn.net/Articles/298833/

>This weakness was outlined in a 2001 paper entitled Timing analysis of keystrokes and timing attacks on SSH" [PDF] which looked specifically at the timing-based attack:

>In this paper we study users' keyboard dynamics and show that the timing information of keystrokes does leak information about the key sequences typed. Through more detailed analysis we show that the timing information leaks about 1 bit of information about the content per keystroke pair. Because the entropy of passwords is only 4-8 bits per character, this 1 bit per keystroke pair information can reveal significant information about the content typed.

I thought this was fixed a long time ago and I thought there was a fix pushed around the 2012 time period. I'm totally shocked this has not been previously address.

2 comments

Zamicol

abwizz 2 years ago

> I'm totally shocked this has not been previously address.

same same

i rekon there is more going on

Zamicol 2 years ago

>previously addressed*.
I am the king of typos and misspelling.