keystroke timing attack

Gert Doering gert at greenie.muc.de
Sat Nov 10 23:50:28 EST 2001


Hi,

On Fri, Nov 09, 2001 at 03:49:56PM -0800, Florin Andrei wrote:
> > How do you know that something the user types is a password (and not
> > "input to your favourite editor" or such)?
> 
> (walking on thin ice...)
> 
> Well, when you authenticate by using user/pass, this is what you type:
> 
> somecharacters<enter>
> someothercharacters<enter>
> nowtherealsessionstarts

Those are not the passwords the timing attacks talk about (they are sent
in a whole packet anyway).  If you enter passwords later on, you have
these.

> I'm not sure if the ssh client can distinguish between
> password-authenticated sessions and other sessions, but if it does, then
> send everything between the first and the second <enter> in one chunk.

The "initial connect password" is done that way.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de
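
An added example, not part of the original message and not OpenSSH code: a small Python model of the distinction drawn above, where a password sent as a whole packet exposes no inter-keystroke timing while one typed later inside the session is sent key by key. The function names and the typing trace are constructed for illustration.

```python
# Constructed model, not OpenSSH code: it reproduces packet timing only.

def packetize(keystrokes, whole_line):
    """Return [(send_time_ms, keys_carried)] for typed (time_ms, char) events.

    whole_line=True  -> hold keys until Enter, then send one packet
                        (the initial connect password case)
    whole_line=False -> send each key as it is typed
                        (anything entered later in the interactive session)
    """
    packets, pending = [], 0
    for t, ch in keystrokes:
        pending += 1
        if not whole_line or ch == "\n":
            packets.append((t, pending))
            pending = 0
    return packets  # keys without a final Enter stay unsent when whole_line=True


def observable_gaps(packets):
    """Inter-packet gaps in ms: what an on-path observer can measure from timing."""
    times = [t for t, _ in packets]
    return [b - a for a, b in zip(times, times[1:])]


# Constructed trace: a 6-character secret plus Enter, typed with one fixed rhythm.
TYPED = [(0, "s"), (140, "e"), (230, "c"), (410, "r"),
         (495, "e"), (700, "t"), (760, "\n")]


def demo():
    login = packetize(TYPED, whole_line=True)
    in_session = packetize(TYPED, whole_line=False)
    return {
        "login_packets": login,                    # one packet, sent at Enter
        "login_gaps": observable_gaps(login),      # nothing to measure
        "session_packets": len(in_session),        # one packet per key
        "session_gaps": observable_gaps(in_session),  # the typing rhythm itself
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```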



More information about the openssh-unix-dev mailing list