discussion about keystroke timing attacks against SSH on the cryptography ML

Christoph Anton Mitterer calestyo at scientia.net
Thu Jan 8 07:30:57 AEDT 2015


Hi folks.

FYI:
There's a discussion[0] about keystroke timing attacks against SSH going
on on the cryptography mailing list.

Would be interesting to hear the opinion of some OpenSSH folks what
SSH/OpenSSH is doing against this and what could maybe be don in
addition.
Especially since the main idea behind the attack is obviously not
limited to the initial authentication phase when a password is entered
and characters would be sent one-by-one... but applicable more generally
to any interactive sessions.

Cheers,
Chris.


[0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150107/f34edc5c/attachment-0001.bin>


More information about the openssh-unix-dev mailing list