discussion about keystroke timing attacks against SSH on the cryptography ML
Howard Chu
hyc at symas.com
Thu Jan 8 07:57:11 AEDT 2015
Christoph Anton Mitterer wrote:
> Hi folks.
>
> FYI:
> There's a discussion[0] about keystroke timing attacks against SSH going
> on on the cryptography mailing list.
>
> Would be interesting to hear the opinion of some OpenSSH folks what
> SSH/OpenSSH is doing against this and what could maybe be don in
> addition.
> Especially since the main idea behind the attack is obviously not
> limited to the initial authentication phase when a password is entered
> and characters would be sent one-by-one... but applicable more generally
> to any interactive sessions.
>
This is why I use LINEMODE/EXTPROC...
https://github.com/hyc/OpenSSH-LINEMODE
> Cheers,
> Chris.
>
>
> [0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the openssh-unix-dev
mailing list