Packet Timing and Data Leaks

Jochen Bern Jochen.Bern at binect.de
Tue Aug 8 20:38:14 AEST 2023


On 08.08.23 00:30, Damien Miller wrote:
> For ssh, IMO sending interactive traffic on a fixed clock (e.g. every
> 2-4ms) instead of as soon as possible, and adding fake keystroke packets
> for some interval after the user stops generating traffic is the way to
> fix it.

Top touch typing speeds get to about 100 wpm; with an average of 4.7 
letters per word in English, that's a bit short of 10 keystrokes per 
second, or 100 ms between. So, I'd guess that you could make that 
quantization a *lot* coarser (*if* you can keep it reliably applying 
only to manual input, and, e.g., side-step the algo when the user is 
copy-pasting into the terminal window instead).

Of course, this will telegraph to any snoop that this mechanism *is* in 
effect - and that minute changes in inter-packet delay might instead be 
leaking information from the cryptalgorithm. If we want to keep them 
guessing (and desparately doing more and more complex statistics), 
sending characters in groups of two or three (as soon as either that 
many have been entered, or we reach a dynamic-and-randomized timeout 
waiting for that) might be a better approach.

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20230808/68390ad9/attachment-0001.p7s>


More information about the openssh-unix-dev mailing list