Packet Timing and Data Leaks
Jochen Bern
Jochen.Bern at binect.de
Tue Aug 8 20:38:14 AEST 2023
On 08.08.23 00:30, Damien Miller wrote:
> For ssh, IMO sending interactive traffic on a fixed clock (e.g. every
> 2-4ms) instead of as soon as possible, and adding fake keystroke packets
> for some interval after the user stops generating traffic is the way to
> fix it.
Top touch typing speeds get to about 100 wpm; with an average of 4.7
letters per word in English, that's a bit short of 10 keystrokes per
second, or 100 ms between. So, I'd guess that you could make that
quantization a *lot* coarser (*if* you can keep it reliably applying
only to manual input, and, e.g., side-step the algo when the user is
copy-pasting into the terminal window instead).
Of course, this will telegraph to any snoop that this mechanism *is* in
effect - and that minute changes in inter-packet delay might instead be
leaking information from the cryptalgorithm. If we want to keep them
guessing (and desparately doing more and more complex statistics),
sending characters in groups of two or three (as soon as either that
many have been entered, or we reach a dynamic-and-randomized timeout
waiting for that) might be a better approach.
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20230808/68390ad9/attachment-0001.p7s>
More information about the openssh-unix-dev
mailing list