"David S. Miller" <davem@redhat.com> writes:
> If I know your password is 7 characters I have a smaller
> space of passwords to search to just brute-force it.
This is not the real problem, IMHO.
If the counter is public, you can read it repeatedly to measure the
intervals between keypresses. If you take pair-wise timing into
account, you can narrow the search space considerably.
There's a detailed paper about the issue:
<http://www.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf>
(Even if the title says SSH, it applies to the public counter scenario
as well.)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:22 EST