On 9/10/2008 at 2:58 PM Kevin Neff wrote: |Hi, | |Some secure protocols like SSH send encrypted keystrokes |as they're typed. By doing timing analysis you can figure |out which keys the user probably typed (keys that are |physically close together on a keyboard can be typed |faster). A careful analysis can reveal the length of |passwords and probably some of password itself. =============I do not agree with that statement. Using two fingers I can hit the "A" and "L" keys nearly simultaneously (probably could even hit them simultaneously if I tried enough). The statement seems to rely upon the typist being a one-finger typer.