discussion about keystroke timing attacks against SSH on the cryptography ML

Howard Chu hyc at symas.com
Thu Jan 8 07:57:11 AEDT 2015

Christoph Anton Mitterer wrote:
> Hi folks.
> FYI:
> There's a discussion[0] about keystroke timing attacks against SSH going
> on on the cryptography mailing list.
> Would be interesting to hear the opinion of some OpenSSH folks what
> SSH/OpenSSH is doing against this and what could maybe be don in
> addition.
> Especially since the main idea behind the attack is obviously not
> limited to the initial authentication phase when a password is entered
> and characters would be sent one-by-one... but applicable more generally
> to any interactive sessions.

This is why I use LINEMODE/EXTPROC...


> Cheers,
> Chris.
> [0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the openssh-unix-dev mailing list