Christoph Anton Mitterer
2015-Jan-07 20:30 UTC
discussion about keystroke timing attacks against SSH on the cryptography ML
Hi folks.

FYI:
There's a discussion[0] about keystroke timing attacks against SSH going on on the cryptography mailing list.

Would be interesting to hear the opinion of some OpenSSH folks what SSH/OpenSSH is doing against this and what could maybe be done in addition.
Especially since the main idea behind the attack is obviously not limited to the initial authentication phase when a password is entered and characters would be sent one-by-one... but applicable more generally to any interactive sessions.

Cheers,
Chris.

[0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html
Howard Chu
2015-Jan-07 20:57 UTC
discussion about keystroke timing attacks against SSH on the cryptography ML
Christoph Anton Mitterer wrote:
> Hi folks.
>
> FYI:
> There's a discussion[0] about keystroke timing attacks against SSH going
> on on the cryptography mailing list.
>
> Would be interesting to hear the opinion of some OpenSSH folks what
> SSH/OpenSSH is doing against this and what could maybe be done in
> addition.
> Especially since the main idea behind the attack is obviously not
> limited to the initial authentication phase when a password is entered
> and characters would be sent one-by-one... but applicable more generally
> to any interactive sessions.

This is why I use LINEMODE/EXTPROC... https://github.com/hyc/OpenSSH-LINEMODE

> Cheers,
> Chris.
>
> [0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html

--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Christoph Anton Mitterer
2015-Jan-07 21:00 UTC
discussion about keystroke timing attacks against SSH on the cryptography ML
I guess it would be nice if you and other people could perhaps post (or cross post) further stuff on this thread to the cryptography mailing list (cryptography at metzdowd.com).

Cheers,
Chris :)