openssh unix dev - Jan 2011 - Randomness in packet padding length as a feature

Hello list,

RFC 4253 provides for per-packet random padding, the length of which
depends on the payload and the cipher block size. If I understand
correctly, for OpenSSH (5.7) this is done in packet.c lines 674-684
and 881-911?

Although the padding itself is random, its length is not, and the
final packet size is just a step function of the size of the payload.
This can be a problem to some users worried about traffic analysis.
One approach to address this has been to make the padding per-packet a
random value between 4 and 255 bytes, but is this planned to ever be a
feature?

Thanks for your time.

Mansour Moufid wrote:
> Hello list,
>
> RFC 4253 provides for per-packet random padding, the length of which
> depends on the payload and the cipher block size. If I understand
> correctly, for OpenSSH (5.7) this is done in packet.c lines 674-684
> and 881-911?
>
> Although the padding itself is random, its length is not, and the
> final packet size is just a step function of the size of the payload.
> This can be a problem to some users worried about traffic analysis.
> One approach to address this has been to make the padding per-packet a
> random value between 4 and 255 bytes, but is this planned to ever be a
> feature?
When deciding if/how to implement this, keep in mind that a lot of us use SSH 
over cellphone networks where we pay per byte, bandwidth is low, and latencies 
are relatively high.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/