Re: OpenSSH 3.9p1-portable PAM Authentication Remote Information Disclosure

On Tue, Dec 07, 2004 at 08:53:55AM -0700, Michal Jaegermann wrote:
> On the first glance this looks like a problem which has the
> following entry in a changelog from openssh-3.1p1-14:
> * Thu Jun 05 2003 Nalin Dahyabhai <nalin@xxxxxxxxxx> 3.1p1-7
> - backport patch to close timing attacks when PAM authentication is
>   short-circuited by other checks
> At this time I am not absolutely sure about that.

That was my first thought too.

In general, this isn't a particularly worrisome issue, since a dictionary
attack is still required. It just makes the dictionary attack slightly
easier.

-- 
Matthew Miller           mattdm@xxxxxxxxxx        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
