openssh and keystroke timing attacks (again)

Damien Miller djm at mindrot.org
Sat Jan 1 21:29:02 EST 2011


On Mon, 27 Dec 2010, Andrew Clausen wrote:

> Hi Damien,
> 
> On 27 December 2010 17:06, Damien Miller <djm at mindrot.org> wrote:
> > I'd like to have better keystroke timing countermeasures in OpenSSH, but
> > they are just too intrusive under the current mainloop design. I'd like
> > to renovate the mainloop some time and this would make implementing things
> > like this quite a bit easier.
> 
> Yes, I agree that the client_loop() could do with some renovation.
> What did you have in mind?

Probably converting it to libevent.

> For what it's worth, I actually implemented most of my proposal before
> finding Jason's patch from 10 years ago.  I only implemented the idea
> of only checking for input at regular intervals... there are no dummy
> messages, but that is trivial to add.  I attached my patch (against
> the source I lazily acquired via Ubuntu's 10.10 apt-get source
> command).
> 
> The main structural ingredient in the patch is a wrapper to select(2).
> This allows the caller to specify a list of timing events to be woken
> up on, in addition to file activity events.  This makes it easier to
> "multiplex" multiple timing events such as tcp_keep_alive and
> keystroke countermeasures along with the I/O events.  The wrapper's
> prototype and commentary follow:
> 
> /* This wrapper to select(2) allows the user to supply a list of sleep times
>  * to be woken up on.  The process is woken up either after activity on the
>  * fds, or when the soonest sleep time arrives.  In the latter case, the
>  * index of the relevant sleep event is recorded in *active_time.
>  */
> static int
> select_times(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
>        int ntimes, struct timeval **times, int *active_time)

That's a nice solution.

However, I don't want to add further complexity here at least until I
have had one good crack at a libevent conversion. Hopefully I'll get some
time to look at this early this year.

-d
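
An added illustration (not Andrew's patch and not OpenSSH code) of how a wrapper with the quoted select_times() prototype could multiplex a keepalive timer and a fixed-interval input tick alongside fd activity. Treating each entry of times as an absolute deadline with NULL meaning disabled is an assumption, as are the TV_US macro and the demo() helper.

```c
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>
#define TV_US(t) ((long long)(t)->tv_sec * 1000000LL + (t)->tv_usec)

/* Assumed semantics: times[i] is an absolute deadline, NULL means disabled. */
static int
select_times(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
    int ntimes, struct timeval **times, int *active_time)
{
	struct timeval now, tv;
	long long left;
	int i, soonest = -1, r;
	*active_time = -1;
	for (i = 0; i < ntimes; i++)
		if (times[i] != NULL &&
		    (soonest == -1 || TV_US(times[i]) < TV_US(times[soonest])))
			soonest = i;
	if (soonest != -1) {
		gettimeofday(&now, NULL);
		left = TV_US(times[soonest]) - TV_US(&now);
		tv.tv_sec = left > 0 ? left / 1000000 : 0;	/* overdue: poll */
		tv.tv_usec = left > 0 ? left % 1000000 : 0;
	}
	r = select(nfds, readfds, writefds, exceptfds, soonest != -1 ? &tv : NULL);
	if (r == 0 && soonest != -1)
		*active_time = soonest;	/* woke for a timer, not for I/O */
	return r;
}

/* Constructed demo: slot 0 = keepalive (5 s), slot 1 = input tick (20 ms). */
int
demo(int input_ready, int *active)
{
	struct timeval ka, tick, *times[2] = { &ka, &tick };
	fd_set rd;
	int p[2], r;
	if (pipe(p) == -1 || (input_ready && write(p[1], "x", 1) != 1))
		return -1;
	gettimeofday(&tick, NULL);
	ka = tick;
	ka.tv_sec += 5;
	tick.tv_usec += 20000;	/* TV_US copes with tv_usec >= 1000000 */
	FD_ZERO(&rd);
	FD_SET(p[0], &rd);
	r = select_times(p[0] + 1, &rd, NULL, NULL, 2, times, active);
	close(p[0]);
	close(p[1]);
	return r;
}
```

With an idle pipe, demo() returns 0 and reports slot 1 (the tick); with a byte already waiting it returns 1 and leaves the index at -1, so the caller can tell a timer wakeup from I/O.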


More information about the openssh-unix-dev mailing list