On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote:

quoted text
> On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff  wrote:

> > Hi,

> >

> > Some secure protocols like SSH send encrypted keystrokes

> > as they're typed.  By doing timing analysis you can figure

> > out which keys the user probably typed (keys that are

> > physically close together on a keyboard can be typed

> > faster).  A careful analysis can reveal the length of

> > passwords and probably some of password itself.

> >

> > The paper:

> >

> >  http://portal.acm.org/citation.cfm?

> >  id=1267612.1267637&coll=Portal&dl=GUIDE&CFID=1943417&C

> >  FTOKEN=28290455

>

> The paper itself is not accessible. Prima facie, this looked like a

> technology-in-search-of-a-problem kinda thing to me. For now, it

> sounds like bull.

> However, there are atleast 10 references to keystoke

> timing/characteristics. That this 'weakness' holds water is a

> judgement call. Of course, one can make any kind of conclusion only

> after studying the paper/references.

I remember reading that or a similar paper a while back. The idea has

been around for longer. Is it a weakness? Yes, I'd say so. I can't

comment on how serious it is, but at first blush not too serious. Making

OpenSSH immune would be nice, as a proactive step.
The reason why I think it's a weakness is that you can gather statistics

on typing and use those to infer things. I.e., you can extract

meaningful information from the encrypted session. If you're snooping on

ssh and see a short burst of typing followed by another ssh session from

the remote machine you can guess they typed 'ssh host.example.com' by

the length of typing and the host connected to. Nice crib. Oh, after

than connect was there another short burst? Probably the password. How

many keystrokes can probably be inferred. Perhaps stats on interkey

timing can be used to make some intelligent guesses, such as the 4th

char is NOT punctuation because is followed char 3 too closely. Or

whatever.
Just because this takes real work and isn't in a popular script kiddie

tool doesn't mean you should discount it. Traffic analysis of one kind

or another has a long history of paying off well.
--

Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG

dwchandler@stilyagin.com   |  http://phxbug.org/      |  http://metabug.org/

http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG

Federation
[demime 1.01d removed an attachment of type application/pgp-signature]