keystroke timing attack

Andersson, Mats mats.andersson at appgate.com
Sun Nov 11 11:26:25 EST 2001


Hi,

On Sat, 10 Nov 2001, Markus Friedl wrote:
> On Sat, Nov 10, 2001 at 10:49:12AM +0100, Denis Ducamp wrote:
> > passwords typed in the ssh session, ie after ssh authentication, are
> > detectable because there isn't any echo returned by the server to the
> > client.
> 
> note that recent openssh servers try to send back fake echo packets
> and defeat the SU-signature.

The next release of MindTerm (an ssh1/ssh2 implementation in java found at
www.appgate.com/mindterm) contains a client-side "countermeasure" against
this timing attack as well. It starts sending IGNORE messages, at
pseudo-random short intervals, of the same size as a channel-data packet
containing a keystroke when one starts typing, and then keeps on sending
these packets up to 2 seconds after the last keypress, completely hiding the
inter-keystroke timings.

Cheers,

/Mats
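The cover-traffic scheme described in the message above, as an added simulation that is not MindTerm's code and not part of the original thread. It assumes a specific design (one packet per pseudo-random "slot"; a waiting keystroke rides in the slot as channel data, otherwise the slot carries an IGNORE of identical size; slots continue for 2 seconds after the last keypress) and constructed values for the slot spacing and the on-wire packet size. The point it makes is the one the message makes: an eavesdropper who sees only times and sizes gets the slot schedule, not the user's typing rhythm.

```python
"""Simulation of a client-side keystroke-timing countermeasure.

Model (an assumption of this example, not MindTerm's actual implementation):
  * When the user starts typing, the client emits one packet per "slot";
    slots are spaced at pseudo-random short intervals.
  * If a keystroke is waiting when a slot fires, the slot carries it as a
    CHANNEL_DATA packet; otherwise the slot carries an SSH_MSG_IGNORE packet
    padded to exactly the size of a one-keystroke CHANNEL_DATA packet.
  * Slots keep firing until TAIL_SECONDS after the last keystroke (and until
    every queued keystroke has been sent).
An eavesdropper sees only (time, size) pairs; both packet kinds have the same
size, so the observed timing is the slot schedule, not the typing rhythm.
"""
import random
from dataclasses import dataclass
from typing import List, Tuple

KEYSTROKE_PACKET_SIZE = 52      # bytes on the wire; constructed value for the example
TAIL_SECONDS = 2.0              # keep sending filler this long after the last keypress
MIN_GAP, MAX_GAP = 0.02, 0.10   # assumed range for the pseudo-random slot spacing


@dataclass(frozen=True)
class WirePacket:
    time: float   # seconds since the session started
    kind: str     # "DATA" (real keystroke) or "IGNORE" (filler)
    size: int     # bytes visible on the wire


def schedule_packets(keystroke_times: List[float], seed: int = 0) -> List[WirePacket]:
    """Return the packets the client puts on the wire for the given keystrokes.

    The slot schedule depends only on the time of the first keystroke, the
    time of the last keystroke and the PRNG stream, never on the gaps between
    keystrokes. A deterministic seed is used so the behaviour is testable; a
    real client would draw the intervals from a CSPRNG.
    """
    if not keystroke_times:
        return []
    keys = sorted(keystroke_times)
    rng = random.Random(seed)
    pending = list(keys)                 # keystrokes typed but not yet sent
    packets: List[WirePacket] = []
    t = keys[0]                          # first slot fires on the first keypress
    end = keys[-1] + TAIL_SECONDS
    while t <= end or pending:
        if pending and pending[0] <= t:  # a keystroke is waiting: send it now
            pending.pop(0)
            packets.append(WirePacket(t, "DATA", KEYSTROKE_PACKET_SIZE))
        else:                            # nothing waiting: send same-sized filler
            packets.append(WirePacket(t, "IGNORE", KEYSTROKE_PACKET_SIZE))
        t += rng.uniform(MIN_GAP, MAX_GAP)
    return packets


def observer_view(packets: List[WirePacket]) -> List[Tuple[float, int]]:
    """What a passive eavesdropper sees: times and sizes only, no packet type."""
    return [(round(p.time, 6), p.size) for p in packets]


def inter_arrival_gaps(times: List[float]) -> List[float]:
    """Gaps between consecutive events; this is what the timing attack measures."""
    return [round(b - a, 6) for a, b in zip(times, times[1:])]


def data_times(packets: List[WirePacket]) -> List[float]:
    """Times at which real keystrokes actually left the client."""
    return [p.time for p in packets if p.kind == "DATA"]


if __name__ == "__main__":
    # Two constructed typing rhythms with the same first and last keypress.
    rhythm_a = [0.0, 0.18, 0.35, 0.90, 1.0]
    rhythm_b = [0.0, 0.50, 0.60, 0.62, 1.0]

    # Without the countermeasure the wire exposes the keystroke gaps directly.
    print("no countermeasure, gaps A:", inter_arrival_gaps(rhythm_a))
    print("no countermeasure, gaps B:", inter_arrival_gaps(rhythm_b))

    # With it, both sessions look identical to the eavesdropper.
    view_a = observer_view(schedule_packets(rhythm_a, seed=7))
    view_b = observer_view(schedule_packets(rhythm_b, seed=7))
    print("with countermeasure, observer views identical:", view_a == view_b)
    print("packets on the wire:", len(view_a), "of which real keystrokes:",
          len(data_times(schedule_packets(rhythm_a, seed=7))))
```

In this model a keystroke is delayed by at most one slot interval (under 100 ms with the assumed spacing), which is why the filler intervals have to be short; the 2-second tail exists so that the end of a burst of typing does not itself mark the last character of a password.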




More information about the openssh-unix-dev mailing list