Subject: Re: sshd Change: PermitRootLogin = no
To: Jim Breton <jamesb-netbsd@alongtheway.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 09/06/2001 15:04:32

On Thu, 6 Sep 2001, Jim Breton wrote:

> On Thu, Sep 06, 2001 at 01:03:44PM -0700, Bill Studenmund wrote:
> > The point of the paper is that you can watch an ssh session and have a
> > good idea when someone is interactively typing a password.
>
> Doesn't OpenSSH mitigate this by sending bogus packets back to the client?

I think it tries to (probably quite hard), but I don't think it is
perfect. I don't think it could ever be perfect about this. The OpenSSH
folks would know more.

> At least the newer versions do (2.9 and so on).  Are we saying that that
> does not work well enough?  Or is it just the fact that we are not on
> 2.9 yet?

Not sure.

Take care.

Bill