Patching a SSH 'Weakness'

Score: 3

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Date: Wednesday, September 10, 2008 - 3:58 pm

Hi,

Some secure protocols like SSH send encrypted keystrokes
as they're typed.  By doing timing analysis you can figure
out which keys the user probably typed (keys that are
physically close together on a keyboard can be typed
faster).  A careful analysis can reveal the length of
passwords and probably some of password itself.

The paper:

  http://portal.acm.org/citation.cfm?
  id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C
  FTOKEN=28290455

I'm seriously considering implementing a fix for this
weakness.  Is there any interest in incorporating this
sort of thing into openBSD?

Cheers  --Kevin

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patching a SSH 'Weakness', Kevin Neff, (Wed Sep 10, 3:58 pm)

Re: Patching a SSH 'Weakness', Mike M, (Fri Sep 12, 8:01 am)

Re: Patching a SSH 'Weakness', Kevin Neff, (Fri Sep 12, 10:02 am)

Re: Patching a SSH 'Weakness', johan beisser, (Fri Sep 12, 5:32 pm)

Re: Patching a SSH 'Weakness', STeve Andre', (Wed Sep 10, 10:56 pm)

Re: Patching a SSH 'Weakness', Giancarlo Razzolini, (Thu Sep 11, 11:06 am)

Re: Patching a SSH 'Weakness', Damien Miller, (Thu Sep 11, 2:28 am)

Re: Patching a SSH 'Weakness', STeve Andre', (Thu Sep 11, 8:50 am)

Re: Patching a SSH 'Weakness', Aaron Glenn, (Thu Sep 11, 12:40 am)

Re: Patching a SSH 'Weakness', Johan Beisser, (Thu Sep 11, 1:35 am)

Re: Patching a SSH 'Weakness', Hari, (Wed Sep 10, 9:06 pm)

Re: Patching a SSH 'Weakness', Paul de Weerd, (Thu Sep 11, 4:49 am)

Re: Patching a SSH 'Weakness', Darrin Chandler, (Wed Sep 10, 10:21 pm)

Re: Patching a SSH 'Weakness', Marco Peereboom, (Wed Sep 10, 9:50 pm)

Re: Patching a SSH 'Weakness', Damien Miller, (Wed Sep 10, 8:59 pm)


linux-kernel:
James Bruce	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Linus Torvalds	Linux 2.6.27-rc5
Jon Ivar Rykkelid	sata_nv issues with MCP51 SATA controller
Parag Warudkar	BUG: soft lockup - CPU#1 stuck for 15s! [swapper:0]
git:
Martin Langhoff	Re: pack operation is thrashing my server
Jon Smirl	! [rejected] master -> master (non-fast forward)
Bill Lear	Git rescue mission
Jon Smirl	Re: VCS comparison table
linux-activists:
Maurizio Codogno	SLS 0.99.2 mount problems
Yong-Ernn Daniel Ling	Re: MicroEmacs
Mark Saltzman	Gawk 2.13 problems
Douglas E. Quale	new libraries
linux-netdev:
Jarek Poplawski	[PATCH take 2] pkt_sched: Protect gen estimators under est_lock.
David Miller	Re: [PATCH] net: Avoid extra wakeups of threads blocked in wait_for_packet()
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Francois Romieu	Re: ksoftirqd high cpu load on kernels 2.6.24 to 2.6.27-rc1-mm1


KernelTrap: No Updates Into September, New Theme	1 day ago	KernelTrap Changes and News
spi uart interface	1 day ago	Linux kernel
sata_via causes emask timeout	4 days ago	Linux kernel
problem in Signals	6 days ago	Linux general
How would someone compile a 2.2.x kernel on a relatively modern system?	6 days ago	Linux kernel
Modems - GSM PPP fail to get IP address	6 days ago	Applications and Utilities
Who or what is Linus Torvalds?	1 week ago	Linux general
ethernet got wierd after 2.6.29	1 week ago	Linux kernel
ATA error messages and pata_sch module	1 week ago	Linux kernel
windows folder creation surprise	2 weeks ago	Windows

Patching a SSH 'Weakness'

Online users