[Bug 763] Add Null packet keepalive option

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Nov 24 19:05:12 EST 2003


------- Additional Comments From v at iki.fi  2003-11-24 01:05 -------
I assume Ralf Hauser invited me to add myself to Cc list of this bug because of
this comment:


So here it is for the record:

  What about the randomness? Isn't there some information exposed currently as
  to at what time and how many times the user for example presses keys? I
  think there was a proposed attack to record the relative timing of packets
  sent by ssh after each key press and to use that information to analyze what
  kind of password the user might have typed. Inserting random traffic to the
  stream might mitigate this information leak? Or has this been handled by
  other means?

What tried to address with the above comment is what is described in 

  Dawn Xiaodong Song, David Wagner, and Xuqing Tian,
  "Timing Analysis of Keystrokes and Timing Attacks on SSH",
  10th USENIX Security Symposium, 2001.


A summary:

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list