keystroke timing attack
Markus Friedl
markus at openbsd.org
Mon Nov 12 00:12:44 EST 2001
On Sun, Nov 11, 2001 at 01:26:25AM +0100, Andersson, Mats wrote:
>
> Hi,
>
> On Sat, 10 Nov 2001, Markus Friedl wrote:
> > On Sat, Nov 10, 2001 at 10:49:12AM +0100, Denis Ducamp wrote:
> > > passwords typed in the ssh session, ie after ssh authentication, are
> > > detectable because there isn't any echo returned by the server to the
> > > client.
> >
> > note that recent openssh servers trie to send back fake echo packets
> > and defeat the SU-signature.
>
> The next release of MindTerm (an ssh1/ssh2 implementation in java found at
> www.appgate.com/mindterm) contains a client-side "countermeasure" against
> this timing attack aswell. It starts sending IGNORE messages, at
> pseudo-random short intervals, of same size as a channel-data packet
> containing a keystroke when one start typing and then keeps on sending
> these packets up to 2 seconds after last keypress, completely hiding the
> inter-keystroke timings.
but since the server won't send an 'echo' ignore message to the
client's ignore message, it's now possible to figure out the
SU-signature again!
moreover i don't think random intervalls help, i think you need 'fixed'
intervalls.
if you have random intervals, you can probably strip the random noise
if you have enough samples.
-m
More information about the openssh-unix-dev
mailing list