Randomness in packet padding length as a feature
Howard Chu
hyc at symas.com
Thu Jan 27 10:57:33 EST 2011
Mansour Moufid wrote:
> Hello list,
>
> RFC 4253 provides for per-packet random padding, the length of which
> depends on the payload and the cipher block size. If I understand
> correctly, for OpenSSH (5.7) this is done in packet.c lines 674-684
> and 881-911?
>
> Although the padding itself is random, its length is not, and the
> final packet size is just a step function of the size of the payload.
> This can be a problem to some users worried about traffic analysis.
> One approach to address this has been to make the padding per-packet a
> random value between 4 and 255 bytes, but is this planned to ever be a
> feature?
When deciding if/how to implement this, keep in mind that a lot of us use SSH
over cellphone networks where we pay per byte, bandwidth is low, and latencies
are relatively high.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
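The padding rule discussed in this thread, as an added example (not OpenSSH's packet.c and not code from either poster): it computes the minimum RFC 4253 padding, which makes the wire size a step function of the payload size, and the average per-packet byte cost of drawing the padding length at random instead. It assumes the RFC 4253 section 6 packet layout with compression off and the MAC excluded; the uniform-choice policy and all function names are hypothetical.

```c
#include <stdio.h>

/* RFC 4253 section 6: packet_length(4) || padding_length(1) || payload || padding
 * must be a multiple of max(cipher block size, 8); padding is 4..255 bytes. */
enum { HDR = 5, PAD_MIN = 4, PAD_MAX = 255 };

static unsigned align_of(unsigned block) { return block < 8 ? 8 : block; }

/* Smallest legal padding: the deterministic choice the quoted message describes. */
unsigned min_padding(unsigned payload, unsigned block)
{
    unsigned a = align_of(block);
    unsigned pad = a - (HDR + payload) % a;
    if (pad < PAD_MIN)
        pad += a;
    return pad;
}

/* Bytes on the wire before the MAC, for a given padding length. */
unsigned wire_len(unsigned payload, unsigned pad) { return HDR + payload + pad; }

/* Number of legal padding lengths (min, min+a, ... <= 255) that a
 * randomizing sender could choose from while keeping the alignment. */
unsigned padding_choices(unsigned payload, unsigned block)
{
    return (PAD_MAX - min_padding(payload, block)) / align_of(block) + 1;
}

/* Mean extra bytes per packet if the padding is drawn uniformly from those
 * choices instead of always taking the minimum (hypothetical policy). */
double mean_extra_bytes(unsigned payload, unsigned block)
{
    unsigned n = padding_choices(payload, block);
    return align_of(block) * (n - 1) / 2.0;
}

int main(void)
{
    unsigned block = 16; /* assumed cipher block size, e.g. AES */
    for (unsigned p = 1; p <= 40; p += 3) {
        unsigned pad = min_padding(p, block);
        printf("payload %2u  pad %2u  wire %2u  choices %2u  mean extra %.1f\n",
               p, pad, wire_len(p, pad), padding_choices(p, block),
               mean_extra_bytes(p, block));
    }
    return 0;
}
```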