openssh and keystroke timing attacks (again)

Damien Miller djm at mindrot.org
Tue Dec 28 09:06:49 EST 2010


I'd like to have better keystroke timing countermeasures in OpenSSH, but
they are just too intrusive under the current mainloop design. I'd like
to renovate the mainloop some time and this would make implementing things
like this quite a bit easier.

-d

On Mon, 27 Dec 2010, Andrew Clausen wrote:

> Hi all,
> 
> Over the past 10 years, there has been some discussion and several
> patches concerning keystroke timing being revealed by the timing of
> openssh packet network transmission.  The issue is that keystroke
> timing is correlated with the plaintext, and openssh users expect
> their communications to be kept entirely secret.
> 
> Despite some excellent ideas and patches, such as Jason Coit's
> 
> http://marc.info/?l=openssh-unix-dev&m=100326089315915&w=2
> 
> there has been little done to address this problem.  As far as I can
> tell, the only countermeasure implemented in OpenSSH is that the
> server will echo back dummy messages (rather than nothing) when users
> enter passwords.  But users expect all of their communication to be
> secret... not just their passwords!  (There is no project called
> "SecurePasswordShell"!)
> 
> I think Jason's approach is spot on:
>  * keystrokes should be only sent at predetermined intervals (e.g.
> every 50ms, or 20 times a second)
>  * cover traffic at these fixed transmission times should be sent even
> if no keystroke is pressed.  This can be turned off whenever a user is
> idle for 3 seconds.
> 
> The security of Jason's proposal is clear: no information is leaked,
> except the timing of when the user starts and stops a typing spurt.
> This is because the same traffic pattern is created, regardless of the
> timing of the keystrokes.
> 
> Why is this feature not available in OpenSSH?  Jason's patch is almost
> 10 years old and doesn't apply to modern OpenSSH.  If I cleaned it up,
> would it be seriously considered for inclusion in a future release?
> 
> Cheers,
> Andrew
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
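The fixed-interval scheme described in the quoted message (50 ms ticks, cover traffic, switch-off after 3 seconds idle), modeled as an added example; it is not code from this thread, from Jason Coit's patch, or from OpenSSH. It assumes ticks fall on multiples of 50 ms from session start and that every packet is the same size on the wire; all function names and sample timings are constructed for illustration.

```python
TICK_MS = 50      # fixed send interval from the message (20 packets per second)
IDLE_MS = 3000    # cover traffic is switched off after 3 seconds without a key


def wire_schedule(key_times_ms):
    """Return [(send_time_ms, keys_carried)] for keystrokes at integer ms times.

    Assumption of this model: ticks fall on multiples of TICK_MS and every packet
    has the same size, so a padding-only packet looks like one carrying keys.
    """
    keys = sorted(key_times_ms)
    sends, i = [], 0
    while i < len(keys):
        # An idle sender wakes on a keystroke and sends at the next tick.
        tick = -(-keys[i] // TICK_MS) * TICK_MS
        last_key = keys[i]
        while True:
            carried = 0
            while i < len(keys) and keys[i] <= tick:
                last_key = keys[i]
                carried += 1
                i += 1
            if tick - last_key >= IDLE_MS:
                break                      # idle for 3 s: stop cover traffic
            sends.append((tick, carried))  # carried == 0 means pure cover traffic
            tick += TICK_MS
    return sends


def observed_times(key_times_ms):
    """What a network observer sees: send times only, contents are encrypted."""
    return [t for t, _ in wire_schedule(key_times_ms)]


def gaps(times):
    """Inter-packet intervals, the quantity a timing analysis works from."""
    return [b - a for a, b in zip(times, times[1:])]


# Constructed samples: two typing rhythms inside one spurt, and one with a pause.
RHYTHM_A = [10, 130, 260, 900]
RHYTHM_B = [40, 95, 610, 870]
WITH_PAUSE = [10, 5000]

if __name__ == "__main__":
    print("unprotected gaps A:", gaps(RHYTHM_A))   # one packet per keystroke
    print("unprotected gaps B:", gaps(RHYTHM_B))
    print("same on the wire:", observed_times(RHYTHM_A) == observed_times(RHYTHM_B))
    print("gaps with pause:", sorted(set(gaps(observed_times(WITH_PAUSE)))))
```

The two rhythms differ when sent one packet per keystroke but are identical under the tick schedule; the pause in `WITH_PAUSE` still shows up as a silence on the wire, which is the start/stop leak the message acknowledges.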

