similar to: discussion about keystroke timing attacks against SSH on the cryptography ML

Old news, but ... http://lwn.net/Articles/298833/ I first posted about this back in 2001 and it's still not resolved: http://osdir.com/ml/ietf.secsh/2001-09/msg00000.html 1) high latency networks are a reality that will never go away. In fact they will only become more prevalent since distributed networks continue to grow broader but (surprise) the speed of light remains a constant. 2)

Picking up on a couple really old threads (e.g. http://osdir.com/ml/ietf.secsh/2001-09/msg00003.html ) I've finally gotten around to this. The EXTPROC support on Linux is missing, but you can find kernel patches for that here http://lkml.org/lkml/2010/6/11/403 I've also fixed up the netkit telnet / telnetd code to work with EXTPROC / LINEMODE on Linux, those patches are here

On Thu, 3 Aug 2023, Chris Rapier wrote: > Howdy all, > > So, one night over beers I was telling a friend how you could use the timing > between key presses on a type writer to extract information. Basically, you > make some assumptions about the person typing (touch typing at so many words > per second and then fuzzing the parameters until words come out). > > The I

On Sun, 6 Aug 2023, Howard Chu wrote: >The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010. >https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html Local line editing by using GNU libreadline? *shudder* No, thanks. bye, //mirabilos -- Infrastrukturexperte ? tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn ?

Hey all, So I do some development based on openssh and I'm trying to think of some new projects that might extend the functionality, feature set, user workflow, performance, etc of ssh. So open ended question: Do any of you have a wish list of things you'd like to see in ssh? Mostly I'm just curious to see what the larger community is thinking of rather than being driven

This message is a few years old so I cannot reply to the original, but it is still of current research interest. > So one of my coworkers is doing a little research on SSH usage in the > wild using netflow data. One of the things he's trying to do is > determine a way to differentiate between data transfers and interactive > sessions. We thought of a couple of ways but we wanted

Damien Miller wrote: > On Thu, 3 Aug 2023, Chris Rapier wrote: > >> Howdy all, >> >> So, one night over beers I was telling a friend how you could use the timing >> between key presses on a type writer to extract information. Basically, you >> make some assumptions about the person typing (touch typing at so many words >> per second and then fuzzing the

There were a few notes in this thread that may indicate open areas for development. I forward merely as FYI. http://www.metzdowd.com/pipermail/cryptography/2015-January/024231.html ---------- Forwarded message ---------- From: Peter Gutmann <pgut001 at cs.auckland.ac.nz> Date: Sun, Jan 4, 2015 at 9:29 PM Subject: Re: [Cryptography] Why aren?t we using SSH for everything? To: calestyo at

Thorsten Glaser wrote: > On Sun, 6 Aug 2023, Howard Chu wrote: > >> The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010. >> https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html > > Local line editing by using GNU libreadline? *shudder* No, thanks. I also ported it to use libedit instead, but readline is more

I'm looking at the code from CVS as of May 21. The statement to allocate the mux state is allocating the size of a pointer, instead of the size of the struct being pointed to. The bug is benign in the original code because the struct has only an int element inside it, but it would corrupt memory if the struct were to be extended. Simple fix here: diff --git a/mux.c b/mux.c index

Hi, just read the LLVM 2.6 release announcement, the bit about llvm-mc caught my attention. I've been looking for a tool to disassemble x86 object files into an IR and then reassemble them into x86_64 object code. The immediate use for them would be to convert driver blobs that some vendors provide for their hardware (e.g. the Lucent modem driver) so they can be used in a 64 bit kernel.

On Oct 26, 2009, at 1:00 AM, Howard Chu wrote: > Hi, just read the LLVM 2.6 release announcement, the bit about llvm- > mc caught > my attention. I've been looking for a tool to disassemble x86 object > files > into an IR and then reassemble them into x86_64 object code. The > immediate use > for them would be to convert driver blobs that some vendors provide >

Hello list, RFC 4253 provides for per-packet random padding, the length of which depends on the payload and the cipher block size. If I understand correctly, for OpenSSH (5.7) this is done in packet.c lines 674-684 and 881-911? Although the padding itself is random, its length is not, and the final packet size is just a step function of the size of the payload. This can be a problem to some

Chris Lattner wrote: > > On Oct 26, 2009, at 1:00 AM, Howard Chu wrote: > >> Hi, just read the LLVM 2.6 release announcement, the bit about llvm- >> mc caught >> my attention. I've been looking for a tool to disassemble x86 object >> files >> into an IR and then reassemble them into x86_64 object code. The >> immediate use >> for them would be

On Thu, Jul 20, 2023 at 1:49?PM Johnnie W Adams <jxadams at ualr.edu> wrote: > > Hi, folks, > > We're experiencing an odd ten-second delay intermittently when logging > into any of our Linux boxes which authenticate against LDAP. Here's where > it happens: > > Jul 13 11:54:23 console2 sshd[1853]: debug1: temporarily_use_uid: <my > uid\gid>

Nico Kadel-Garcia wrote: > On Thu, Jul 20, 2023 at 1:49?PM Johnnie W Adams <jxadams at ualr.edu> wrote: >> >> Hi, folks, >> >> We're experiencing an odd ten-second delay intermittently when logging >> into any of our Linux boxes which authenticate against LDAP. Here's where >> it happens: >> >> Jul 13 11:54:23 console2

My Linux kernel patches for linemode support have been pulled into the 2.6.36 release stream, so I figure it's time to finish up the work on openssh, bash, tcsh, readline, libedit, and anything else that comes along. As I last wrote here http://wiki.github.com/hyc/OpenSSH-LINEMODE/ I've got a few open issues remaining... First, I re-organized muxed session handling such that all

Hello everybody, I'd like to have LPK (or something like that - getting public keys from LDAP) integrated into mainline OpenSSH. *** First of all, a summary. The project page at http://code.google.com/p/openssh-lpk/ mentions that a few distributions include LPK per default; but reading the various threads at Support for merging LPK and hpn-ssh into mainline openssh?

Damien, What is the best document to use for documentation on SFTP? In other words, if I want to build an SFTP client library based on libssh.a, is there documentation about the series of messages I need to send over the wire? Thanks, ScottN -----Original Message----- From: openssh-unix-dev [mailto:openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org] On Behalf Of Damien Miller Sent:

Hi all, Over the past 10 years, there has been some discussion and several patches concerning keystroke timing being revealed by the timing of openssh packet network transmission. The issue is that keystroke timing is correlated with the plaintext, and openssh users expect their communications to be kept entirely secret. Despite some excellent ideas and patches, such as Jason Coit's