Randomness in packet padding length as a feature

Mansour Moufid mansourmoufid at gmail.com
Thu Jan 27 09:22:37 EST 2011


Hello list,

RFC 4253 provides for per-packet random padding, the length of which
depends on the payload and the cipher block size. If I understand
correctly, for OpenSSH (5.7) this is done in packet.c lines 674-684
and 881-911?

Although the padding itself is random, its length is not, and the
final packet size is just a step function of the size of the payload.
This can be a problem to some users worried about traffic analysis.
One approach to address this has been to make the padding per-packet a
random value between 4 and 255 bytes, but is this planned to ever be a
feature?

Thanks for your time.
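
Added example (not part of the original message, and not OpenSSH code): a Python sketch of the RFC 4253 section 6 length rule described above, showing minimal padding giving a step function of payload size next to randomized padding in the 4 to 255 byte range. The function names, the 16-byte block size and the choice to add whole random blocks are assumptions made for illustration.

```python
import secrets

MIN_PAD, MAX_PAD = 4, 255  # RFC 4253 section 6 bounds on padding_length
HEADER = 4 + 1             # uint32 packet_length + byte padding_length


def minimal_padding(payload_len, block_size=8):
    """Smallest padding RFC 4253 permits: deterministic in payload_len."""
    block = max(block_size, 8)
    # header + payload + padding must be a multiple of the block size
    pad = block - ((HEADER + payload_len) % block)
    if pad < MIN_PAD:
        pad += block
    return pad


def random_padding(payload_len, block_size=8, rng=secrets.SystemRandom()):
    """Assumed variant: minimal padding plus a random number of extra
    blocks, staying aligned and within the 255-byte limit."""
    block = max(block_size, 8)
    base = minimal_padding(payload_len, block_size)
    extra_blocks = (MAX_PAD - base) // block
    return base + block * rng.randrange(extra_blocks + 1)


def wire_size(payload_len, pad_len, mac_len=0):
    """Bytes on the wire for one binary packet."""
    return HEADER + payload_len + pad_len + mac_len


def distinct_sizes(payload_len, padder, block_size=16, trials=2000):
    """Set of packet sizes an observer would see for one payload length."""
    return {wire_size(payload_len, padder(payload_len, block_size))
            for _ in range(trials)}


if __name__ == "__main__":
    # Constructed sample payload lengths around the block boundaries.
    for n in (1, 7, 8, 23, 24):
        fixed = wire_size(n, minimal_padding(n, 16))
        seen = distinct_sizes(n, random_padding)
        print(f"payload={n:3d} minimal={fixed:3d} "
              f"random={min(seen)}..{max(seen)} ({len(seen)} sizes)")
```

With minimal padding every payload length in a block-sized range maps to one packet size; with the randomized variant the same payload length spreads over many sizes.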

