discussion about keystroke timing attacks against SSH on the cryptography ML

Christoph Anton Mitterer calestyo at scientia.net
Thu Jan 8 07:30:57 AEDT 2015

Hi folks.

There's a discussion[0] about keystroke timing attacks against SSH going
on on the cryptography mailing list.

Would be interesting to hear the opinion of some OpenSSH folks what
SSH/OpenSSH is doing against this and what could maybe be don in
Especially since the main idea behind the attack is obviously not
limited to the initial authentication phase when a password is entered
and characters would be sent one-by-one... but applicable more generally
to any interactive sessions.


[0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150107/f34edc5c/attachment-0001.bin>

More information about the openssh-unix-dev mailing list