Patching a SSH 'Weakness'

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Date: Wednesday, September 10, 2008 - 3:58 pm

Hi,

Some secure protocols like SSH send encrypted keystrokes
as they're typed. By doing timing analysis you can figure
out which keys the user probably typed (keys that are
physically close together on a keyboard can be typed
faster). A careful analysis can reveal the length of
passwords and probably some of password itself.

The paper:

http://portal.acm.org/citation.cfm?
id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C
FTOKEN=28290455

I'm seriously considering implementing a fix for this
weakness. Is there any interest in incorporating this
sort of thing into openBSD?

Cheers --Kevin

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patching a SSH 'Weakness', Kevin Neff, (Wed Sep 10, 3:58 pm)

Re: Patching a SSH 'Weakness', Mike M, (Fri Sep 12, 8:01 am)

Re: Patching a SSH 'Weakness', Kevin Neff, (Fri Sep 12, 10:02 am)

Re: Patching a SSH 'Weakness', johan beisser, (Fri Sep 12, 5:32 pm)

Re: Patching a SSH 'Weakness', STeve Andre', (Wed Sep 10, 10:56 pm)

Re: Patching a SSH 'Weakness', Giancarlo Razzolini, (Thu Sep 11, 11:06 am)

Re: Patching a SSH 'Weakness', Damien Miller, (Thu Sep 11, 2:28 am)

Re: Patching a SSH 'Weakness', STeve Andre', (Thu Sep 11, 8:50 am)

Re: Patching a SSH 'Weakness', Aaron Glenn, (Thu Sep 11, 12:40 am)

Re: Patching a SSH 'Weakness', Johan Beisser, (Thu Sep 11, 1:35 am)

Re: Patching a SSH 'Weakness', Hari, (Wed Sep 10, 9:06 pm)

Re: Patching a SSH 'Weakness', Paul de Weerd, (Thu Sep 11, 4:49 am)

Re: Patching a SSH 'Weakness', Darrin Chandler, (Wed Sep 10, 10:21 pm)

Re: Patching a SSH 'Weakness', Marco Peereboom, (Wed Sep 10, 9:50 pm)

Re: Patching a SSH 'Weakness', Damien Miller, (Wed Sep 10, 8:59 pm)


linux-kernel:
Jeff Garzik	[PATCH 1/9] irq-remove: core
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Dave Young	Re: 2.6.24-rc3-mm1
Willy Tarreau	Re: From 2.4 to 2.6 to 2.7?
git:

linux-activists:
Dan Miner	Compilation speeds (was Re: No patchlevel 3.}
Ian Jackson	RFD: comp.os.linux split
X X	X11 GIf viewer somewhere?
root	Broken pipe when using reboot/halt, etc.
linux-netdev:
Natalie Protasevich	[BUG] New Kernel Bugs
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	[GIT]: Networking

Patching a SSH 'Weakness'

Online users