New SSH attack weakens passwords

Researchers say the elapsed time between keystrokes can reveal much about your password

WASHINGTON--A team of researchers from the University of California at Berkeley revealed two weaknesses in Secure Shell (SSH) implementations Friday that allow an eavesdropper to learn the exact length of a user's password by observing the rhythm of their keystrokes.

To continue reading this article you must be a Bloomberg Professional Service Subscriber.