[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Timing attacks



I have had some success using timing against UNIX to find out what usernames
are valid on systems with finger &c disabled.  If a username does not exist,
it returns the "Login incorrect" a lot faster than it would if the username
existed but the password was incorrect.  I wonder how many other systems are
vulnerable to this sort of attack.