Displaying 20 results from an estimated 2000 matches similar to: "[Fwd: Re: Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2]"
2001 Oct 16
1
Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2
Hello,
In response to the timing analysis attacks presented by Dawn Song et.
al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html
we
at Silicon Defense developed a patch for openssh to avoid such
measures.
Timing Analysis Evasion changes were developed by C. Jason Coit and Roel
Jonkman of Silicon Defense.
These changes cause SSH to send packets unless request not to,
2001 Oct 06
1
Defeating Timing Attacks
Hello,
In response to the timing analysis attacks presented by Dawn Song et.
al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html
we
at Silicon Defense developed a patch for openssh to avoid such
measures.
Timing Analysis Evasion changes were developed by C. Jason Coit and Roel
Jonkman of Silicon Defense.
These changes cause SSH to send packets unless request not to,
2010 Dec 27
3
openssh and keystroke timing attacks (again)
Hi all,
Over the past 10 years, there has been some discussion and several
patches concerning keystroke timing being revealed by the timing of
openssh packet network transmission. The issue is that keystroke
timing is correlated with the plaintext, and openssh users expect
their communications to be kept entirely secret.
Despite some excellent ideas and patches, such as Jason Coit's
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly:
http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html
<quote>
The paper concludes that the keystroke timing data observable from
today's SSH implementations reveals a dangerously significant amount of
information about user terminal sessions--enough to locate typed
passwords in the session data stream and reduce the
2015 Jan 07
2
discussion about keystroke timing attacks against SSH on the cryptography ML
Hi folks.
FYI:
There's a discussion[0] about keystroke timing attacks against SSH going
on on the cryptography mailing list.
Would be interesting to hear the opinion of some OpenSSH folks what
SSH/OpenSSH is doing against this and what could maybe be don in
addition.
Especially since the main idea behind the attack is obviously not
limited to the initial authentication phase when a password
2023 Aug 07
2
Packet Timing and Data Leaks
On Mon, 7 Aug 2023, Chris Rapier wrote:
> > The broader issue of hiding all potential keystroke timing is not yet fixed.
>
> Could some level of obfuscation come from enabling Nagle for interactive
> sessions that has an associated TTY? Though that would be of limited
> usefulness in low RTT environments. I don't like the idea of having a steady
> drip of packets as that
2007 Jul 22
4
using R for a reaction-time experiment
I want to use R to run a reaction-time experiment: Something appears on the
screen, I respond by typing something (one keystroke), the system measures
the speed of my response. R would be great for this if only I didn't have to
hit Enter to enter that keystroke. I am doing such experiments now but they
require two actions per trial: hit keystroke, hit Enter.
Is there some way that R can be
2012 May 13
0
Defeating Timing Attacks
Hello,
My name is Pavan and I was working on the timing attacks in Open SSH. I
wanted to know where I can find the patch files for open SSH as I am not
able to find it on the specified link.
Thank You
2023 Aug 06
1
Packet Timing and Data Leaks
Damien Miller wrote:
> On Thu, 3 Aug 2023, Chris Rapier wrote:
>
>> Howdy all,
>>
>> So, one night over beers I was telling a friend how you could use the timing
>> between key presses on a type writer to extract information. Basically, you
>> make some assumptions about the person typing (touch typing at so many words
>> per second and then fuzzing the
2023 Aug 06
2
Packet Timing and Data Leaks
On Thu, 3 Aug 2023, Chris Rapier wrote:
> Howdy all,
>
> So, one night over beers I was telling a friend how you could use the timing
> between key presses on a type writer to extract information. Basically, you
> make some assumptions about the person typing (touch typing at so many words
> per second and then fuzzing the parameters until words come out).
>
> The I
2004 Jan 07
1
keystroke logging
>
>
>What do you recommend for keeping track of user
>activities? For preserving bash histories I followed
>these recommendations:
>
>http://www.defcon1.org/secure-command.html
>
Interesting reading but, as others have noted, of limited use.
Keystroke logging can be disabled by - as others have noted - either
spawning another (perhaps different) shell, using a remote
2006 Feb 03
1
Rolling with Ruby on *Instant* Rails - "New" Tutorial
Greetings!
The original version of this tutorial was written by Curt Hibbs and published on ONLamp.com. It served as my introduction to both Ruby and Rails. Unfortunately, I experienced some frustration working through it. This was due first to the fact that I was using Instant Rails, not Rails, and second, to the fact that Rails itself has grown since Curt wrote the article. Despite my
2011 May 26
3
Ventrilo 2.1.4 under wine - push to talk.
Ventrilo in version 2.1.4 work properly good under wine. I talk with friend without any problems with sound, but there is one with "Push-to-talk" function (hotkey). When frame with ventrilo have lost focus i can't use this function. I spent a lot of time to googled about it and I found program called xbindkeys. I got idea, that I can use this program to send keystroke to ventrilo.
2009 Mar 06
2
Weird Keystroke Errors
Here is my system
Fedora 10
Avant Stellar Keyboard (uses Northgate Omnikey 101 layout)
wine 1.1.14, 1.1.15, and 1.1.16
Problem:
While in game, doesn't matter which, I've tried this with World of Warcraft, and Counter-strike. I have a problem with keystrokes registering 2 keystrokes behind.
Example: While typing in game if I type the word "Anyone" the 'A' and
2023 Aug 06
1
Packet Timing and Data Leaks
On Sun, 6 Aug 2023, Howard Chu wrote:
>The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010.
>https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html
Local line editing by using GNU libreadline? *shudder* No, thanks.
bye,
//mirabilos
--
Infrastrukturexperte ? tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn ?
2023 Aug 07
1
Packet Timing and Data Leaks
Thorsten Glaser wrote:
> On Sun, 6 Aug 2023, Howard Chu wrote:
>
>> The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010.
>> https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html
>
> Local line editing by using GNU libreadline? *shudder* No, thanks.
I also ported it to use libedit instead, but readline is more
2009 Jan 22
2
[PATCH] I attach two patches correcting documentation and I have a few questions
I post this to the mailing list, but perhaps is not the good place.
I'm not subscribed, so I don't know if I'm going to get any reply, but
please, tell me where to send patches.
I attach two patches that correctly describes the new support for F11
and F12 in documentation but I have two more question to update
documentation accordingly.
In doc/syslinux.txt line 515, talking about
2014 Sep 06
2
keystrokes
Hello Syslinux Team,
What actions are _supposed_ to be triggered by each of:
[Ctrl-J]
[Ctrl-M]
in the Syslinux command line in version 6.03-pre20?
Are there any differences between CLI and [vesa]menu.c32 regarding
these keystroke combinations?
Are there any differences in their behaviors when booting with
different Syslinux variants (e.g ISOLINUX vs. SYSLINUX vs.
PXELINUX)?
To be
2020 Aug 17
2
Replacement for KMail V1
Last week my trusty Fedora 9 file and print server failed on me. Not bad
for 12 years trusty service.
I have now replaced it with a C7 server and found that lots have changed
in those 12 years. Thankfully many things haven't, named-chroot, dhcpd,
etc pretty much copied across and Samba wasn't a major rewrite.
However I feel like my right arm has been chopped off.? My work life
2004 Jan 06
5
Logging user activities
Hello,
What do you recommend for keeping track of user
activities? For preserving bash histories I followed
these recommendations:
http://www.defcon1.org/secure-command.html
They include using 'chflags sappnd .bash_history',
enabling process accounting, and the like.
My goal is to "watch the watchers," i.e. watch for
abuse of power by SOC people with the ability to view