RE: Keyboard Interactive Attack?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 22 Jul 2015, Malcolm wrote:

> Keep in mind this is something that in some system configurations can gently
> assist a remote password cracker, and isn't an "exploit".

Yeah, it just reduces the number of connections an attacker has to make
to attempt password guessing. It doesn't speed up the guesses themselves
or evade failure delays for wrong guesses.

The patch is already committed as
https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab
and the plan is to release it in OpenSSH 7.0, which is due in a few weeks.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux