Randomness in packet padding length as a feature

Howard Chu hyc at symas.com
Thu Jan 27 10:57:33 EST 2011


Mansour Moufid wrote:
> Hello list,
>
> RFC 4253 provides for per-packet random padding, the length of which
> depends on the payload and the cipher block size. If I understand
> correctly, for OpenSSH (5.7) this is done in packet.c lines 674-684
> and 881-911?
>
> Although the padding itself is random, its length is not, and the
> final packet size is just a step function of the size of the payload.
> This can be a problem to some users worried about traffic analysis.
> One approach to address this has been to make the padding per-packet a
> random value between 4 and 255 bytes, but is this planned to ever be a
> feature?

When deciding if/how to implement this, keep in mind that a lot of us use SSH 
over cellphone networks where we pay per byte, bandwidth is low, and latencies 
are relatively high.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
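The padding rule the quoted message describes, worked through as an added example (this is not OpenSSH's packet.c, which it only models): the deterministic RFC 4253 length as a step function of payload size, the randomised 4..255-byte alternative under the same block-alignment constraint, a receiver-side check, and the average per-packet byte cost the randomised scheme adds. Function names and the constructed payloads are this example's own.

```python
"""RFC 4253 padding: OpenSSH-style deterministic length vs. a randomised
4..255-byte length (added example, not OpenSSH code). Layout before the MAC:
uint32 packet_length | byte padding_length | payload | random padding."""
import os
import secrets
from typing import Optional

MIN_PAD, MAX_PAD = 4, 255  # RFC 4253 s.6: at least 4 bytes; padding_length is one byte

def rfc4253_padding_length(payload_len: int, block_size: int) -> int:
    """Smallest pad >= 4 making 4 + 1 + payload + pad a multiple of
    max(8, block_size). A pure function of payload length: a step function."""
    bs = max(8, block_size)
    pad = bs - ((4 + 1 + payload_len) % bs)
    return pad + bs if pad < MIN_PAD else pad

def aligned_pad_choices(payload_len: int, block_size: int) -> range:
    """Every pad in [4, 255] that keeps the packet block-aligned."""
    bs = max(8, block_size)
    return range(rfc4253_padding_length(payload_len, block_size), MAX_PAD + 1, bs)

def random_padding_length(payload_len: int, block_size: int, rng=secrets.randbelow) -> int:
    """Randomised variant; rng(n) returns an int in [0, n), injectable for tests."""
    choices = aligned_pad_choices(payload_len, block_size)
    return choices[rng(len(choices))]

def build_packet(payload: bytes, block_size: int, pad_len: Optional[int] = None) -> bytes:
    if pad_len is None:
        pad_len = rfc4253_padding_length(len(payload), block_size)
    body = bytes([pad_len]) + payload + os.urandom(pad_len)  # padding SHOULD be random
    return len(body).to_bytes(4, "big") + body

def parse_packet(pkt: bytes, block_size: int) -> bytes:
    """Receiver side: validate lengths before trusting padding_length, then strip."""
    if len(pkt) < 4 + 1 + MIN_PAD or len(pkt) % max(8, block_size):
        raise ValueError("bad packet size or alignment")
    packet_length, pad_len = int.from_bytes(pkt[:4], "big"), pkt[4]
    if packet_length != len(pkt) - 4 or pad_len < MIN_PAD or pad_len > packet_length - 1:
        raise ValueError("bad padding_length")
    return pkt[5:4 + packet_length - pad_len]

def mean_extra_bytes(payload_len: int, block_size: int) -> float:
    """Average bytes the randomised scheme adds per packet over the deterministic one."""
    choices = aligned_pad_choices(payload_len, block_size)
    return sum(choices) / len(choices) - choices[0]
```

With a 16-byte block cipher, every payload from 0 to 7 bytes yields a 16-byte packet and 8 to 23 bytes a 32-byte packet, which is the step function the thread refers to; the randomised scheme averages about 120 extra bytes per small packet, the cost raised in the reply above.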


More information about the openssh-unix-dev mailing list