keystroke timing attack

Denis Ducamp Denis.Ducamp at hsc.fr
Sat Nov 10 20:49:12 EST 2001


On Fri, Nov 09, 2001 at 11:33:01PM -0600, mouring at etoh.eviladmin.org wrote:
> 
> That is the point if you can cleanly and simply implement that I'm sure a
> lot of people would be happy, but one can not randomly pick what to
> send right away and what can wait for an enter.
> 
> SSL encrypted telnet would have the same problem. I think technically any
> interactive VPN or IPSec session could have the same problem if I've read
> all the white papers rights.

Yes, telnet in SSL is vulnerable to such passive analysis.

With a recent OpenSSH, exact password lengths aren't guessable; but
passwords typed in the SSH session, i.e. after SSH authentication, are
detectable because there isn't any echo returned by the server to the
client.

For more information on SSH passive analysis, look at Openwall's 3rd
advisory at http://www.openwall.com/advisories/ and use the sshow utility from
that advisory or from dsniff 2.4-beta1 to see how well it works.

You may do the same with telnet sessions in SSL (for example with stunnel)
by using ssldump from http://www.rtfm.com/ssldump/ to see the lengths of the SSL
data travelling between client and server.

Denis Ducamp.
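A worked illustration of the no-echo observation in the post above, added here as an example; it is not code from the original message, from dsniff's sshow, or from OpenSSH. It assumes the capture has already been reduced to (time, direction, payload length) records, as one would extract with tcpdump or ssldump, and the thresholds (echo window, maximum keystroke packet size, minimum run length) and the sample capture are constructed assumptions. Each small client-to-server packet is treated as one keystroke; a keystroke whose next packet is a prompt server reply counts as echoed. A long run of consecutive unechoed keystrokes is reported as probable password entry, and the inter-keystroke intervals of that run are the timing data a keystroke timing attack would then work on.

```python
"""Passive detection of non-echoed keystrokes in an encrypted interactive session.

Added example; not the code of the original post, of sshow/dsniff, or of OpenSSH.
Records are (seconds, direction, payload_len) with direction 'c2s' or 's2c',
sorted by time, as reduced from a packet capture (assumption).
"""
from dataclasses import dataclass, field
from typing import List, Tuple

Record = Tuple[float, str, int]

ECHO_WINDOW = 0.25      # assumption: an echo comes back within 250 ms of the keystroke
MAX_KEYSTROKE_LEN = 64  # assumption: a single-keystroke packet is at most this long
MIN_PASSWORD_RUN = 4    # assumption: shorter unechoed runs are ignored as noise


@dataclass
class KeystrokeRun:
    """A maximal sequence of consecutive keystrokes that were all echoed or all not."""
    echoed: bool
    times: List[float] = field(default_factory=list)

    @property
    def count(self) -> int:
        return len(self.times)

    @property
    def start(self) -> float:
        return self.times[0]

    def intervals(self) -> List[float]:
        """Inter-keystroke intervals in seconds: the raw material of a timing attack."""
        return [round(b - a, 3) for a, b in zip(self.times, self.times[1:])]


def _echoed(records: List[Record], i: int, echo_window: float) -> bool:
    """True if the c2s packet at index i is answered by an s2c packet before the
    next c2s packet and within echo_window seconds (i.e. the server echoed it)."""
    t0 = records[i][0]
    for t, direction, _ in records[i + 1:]:
        if direction == 'c2s':
            return False
        if direction == 's2c':
            return (t - t0) <= echo_window
    return False


def find_keystroke_runs(records: List[Record],
                        echo_window: float = ECHO_WINDOW,
                        max_len: int = MAX_KEYSTROKE_LEN) -> List[KeystrokeRun]:
    """Split the client's small packets into runs by whether the server echoed them."""
    runs: List[KeystrokeRun] = []
    current = None
    for i, (t, direction, length) in enumerate(records):
        if direction != 'c2s' or length > max_len:
            continue  # server traffic or bulk data (paste, file), not a keystroke
        echoed = _echoed(records, i, echo_window)
        if current is None or current.echoed != echoed:
            current = KeystrokeRun(echoed=echoed)
            runs.append(current)
        current.times.append(t)
    return runs


def likely_passwords(records: List[Record], min_len: int = MIN_PASSWORD_RUN) -> List[KeystrokeRun]:
    """Runs of at least min_len keystrokes that got no echo: probable password entry."""
    return [r for r in find_keystroke_runs(records) if not r.echoed and r.count >= min_len]


# Constructed sample capture (assumption): user types "ls<Enter>", then "su<Enter>",
# then an 8-character password at the "Password:" prompt, then Enter.
SAMPLE: List[Record] = [
    (0.00, 'c2s', 36), (0.02, 's2c', 36),            # 'l', echoed
    (0.21, 'c2s', 36), (0.23, 's2c', 36),            # 's', echoed
    (0.55, 'c2s', 36), (0.57, 's2c', 36), (0.60, 's2c', 420),  # Enter, echo, listing
    (3.00, 'c2s', 36), (3.02, 's2c', 36),            # 's', echoed
    (3.18, 'c2s', 36), (3.20, 's2c', 36),            # 'u', echoed
    (3.50, 'c2s', 36), (3.52, 's2c', 36), (3.60, 's2c', 52),   # Enter, echo, prompt
    (5.20, 'c2s', 36), (5.33, 'c2s', 36), (5.51, 'c2s', 36), (5.62, 'c2s', 36),
    (5.80, 'c2s', 36), (5.91, 'c2s', 36), (6.15, 'c2s', 36), (6.30, 'c2s', 36),
    (6.60, 'c2s', 36), (6.65, 's2c', 60),            # Enter, then the new shell prompt
]

if __name__ == '__main__':
    for run in likely_passwords(SAMPLE):
        print(f"{run.count} unechoed keystrokes starting at t={run.start:.2f}s, "
              f"intervals={run.intervals()}")
```

The only evidence used is packet direction, size and timing, which is exactly what survives encryption; the password's length is read off the run length and its inter-keystroke intervals are the input to the timing analysis. The main caveat is that any unsolicited server output (a background job writing to the terminal, an "incorrect password" message) inside the echo window will be mistaken for an echo and split or hide a run, so on real captures the echo window has to be tuned to the measured round-trip time.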



More information about the openssh-unix-dev mailing list