Re: Patching a SSH 'Weakness'

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Damien Miller <djm@...>

To: <neffk@...>

Cc: <misc@...>

Subject: Re: Patching a SSH 'Weakness'

Date: Wednesday, September 10, 2008 - 8:59 pm

On Wed, 10 Sep 2008, Kevin Neff wrote:
> Hi,

quoted text>

> Some secure protocols like SSH send encrypted keystrokes

> as they're typed.  By doing timing analysis you can figure

> out which keys the user probably typed (keys that are

> physically close together on a keyboard can be typed

> faster).  A careful analysis can reveal the length of

> passwords and probably some of password itself.

>

> The paper:

>

>   http://portal.acm.org/citation.cfm?

>   id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C

>   FTOKEN=28290455

>

> I'm seriously considering implementing a fix for this

> weakness.  Is there any interest in incorporating this

> sort of thing into openBSD?
Be warned: implementing any sort of time-based events in the current

SSH mainloop is annoyingly difficult.
If you can do it cleanly, then we are interested.
-d

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Patching a SSH 'Weakness', Kevin Neff, (Wed Sep 10, 3:58 pm)

Re: Patching a SSH 'Weakness', Mike M, (Fri Sep 12, 8:01 am)

Re: Patching a SSH 'Weakness', Kevin Neff, (Fri Sep 12, 10:02 am)

Re: Patching a SSH 'Weakness', johan beisser, (Fri Sep 12, 5:32 pm)

Re: Patching a SSH 'Weakness', STeve Andre', (Wed Sep 10, 10:56 pm)

Re: Patching a SSH 'Weakness', Giancarlo Razzolini, (Thu Sep 11, 11:06 am)

Re: Patching a SSH 'Weakness', Damien Miller, (Thu Sep 11, 2:28 am)

Re: Patching a SSH 'Weakness', STeve Andre', (Thu Sep 11, 8:50 am)

Re: Patching a SSH 'Weakness', Aaron Glenn, (Thu Sep 11, 12:40 am)

Re: Patching a SSH 'Weakness', Johan Beisser, (Thu Sep 11, 1:35 am)

Re: Patching a SSH 'Weakness', Hari, (Wed Sep 10, 9:06 pm)

Re: Patching a SSH 'Weakness', Paul de Weerd, (Thu Sep 11, 4:49 am)

Re: Patching a SSH 'Weakness', Darrin Chandler, (Wed Sep 10, 10:21 pm)

Re: Patching a SSH 'Weakness', Marco Peereboom, (Wed Sep 10, 9:50 pm)

Re: Patching a SSH 'Weakness', Damien Miller, (Wed Sep 10, 8:59 pm)

Navigation

Popular discussions


linux-kernel:
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Jeff Garzik	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Chuck Ebbert	Why do so many machines need "noapic"?
git:

linux-netdev:
David Miller	Re: [GIT]: Networking
Gerrit Renker	[PATCH 34/37] dccp: Auto-load (when supported) CCID plugins for negotiation
Herbert Xu	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	Re: [PATCH 20/31]: pkt_sched: Perform bulk of qdisc destruction in RCU.
openbsd-misc:

Colocation donated by:

Online users

Syndicate