On Tue, Oct 09, 2001 at 03:44:47PM +0200, Robert van der Meulen wrote:
> Hi,

> Quoting Dale Amon (amon@xxxxxxx):
> > There appears to be an exploitable weakness in ssh
> > right now. Characters are transmitted as fast as
> > typed; interpacket timings carry probabilistic data
> > on which character pairs were typed.

> iirc there actually are two vulnerabilities; the ability to make
> statistically supported guesses about password length, and guesses about
> password _content_; both in the initial ssh password exchange, and in
> password exchanges in _new_ ssh sessions from an existing ssh session.

Also in other commands run in an ssh session. For instance, running "su" is two chars with echo in and a password prompt back out with several chars without echo in again. Password success or failure can be determined from subsequent prompts and reentries. Unique enough that you can spot it in traffic and guess that the dude ran su and you have a good guess on the length (number of keystrokes) and content (clustered heuristics based on timing) of the root password. Accumulate a few instances and your guesses get better. Pretty slick.

Strongest recommendation I've seen for switching to OPIE/SKEY.

> > If anyone knows the guys working on ssh, make sure
> > they are aware of this. I tried getting email through
> > the web site but there was no good address there and
> > I have not gotten a reply.

> They are aware of it, and there are patches. I don't recall which versions
> actually have these patches, or where they can be found.
> Just FYI.

Yeah, I've seen some comments and a patch or two on the OpenSSH mailing list and some chatter on the SSH mailing list. I think you could find a patch, which includes some time randomizers and some idle time packets, just by searching archives on the mailing lists for the last couple of months.

> Greets,
> Robert
>
> --
> Linux Generation
> encrypted mail preferred. finger rvdm@xxxxxxxxxx for my GnuPG/PGP key.
> Fighting for peace is like screwing for virginity.
>
> Linux-crypto: cryptography in and on the Linux system
> Archive: http://mail.nl.linux.org/linux-crypto/

--
Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
(The Mad Wizard)       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
NIC whois:  MHW9       |  An optimist believes we live in the best of all
PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
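
Added example, not part of the message above and not the patch from the OpenSSH list: a small simulation of the kind of mitigation the reply mentions (idle-time packets plus a randomised tail), showing what a passive observer can still measure. The tick length, tail length and the assumption that real and dummy packets are the same size on the wire are choices made for this illustration.

```python
import secrets
from collections import deque

TICK_MS = 20          # assumed send interval; not taken from any real patch
MIN_TAIL_TICKS = 10   # assumed minimum run of dummy packets after typing stops


def obfuscate(keystrokes_ms, tick_ms=TICK_MS, tail_ticks=None):
    """Return [(send_time_ms, is_real)] for a list of keystroke times.

    One packet leaves on every tick: a queued keystroke if there is one,
    otherwise a dummy. Real and dummy packets are assumed to look the same
    once encrypted, so an observer sees only the send times.
    """
    if not keystrokes_ms:
        return []
    if tail_ticks is None:
        # Randomised tail hides the moment typing actually stopped.
        tail_ticks = MIN_TAIL_TICKS + secrets.randbelow(MIN_TAIL_TICKS)
    pending = deque(sorted(keystrokes_ms))
    queue = deque()
    t = (pending[0] // tick_ms + 1) * tick_ms   # first tick after first key
    out, idle = [], 0
    while pending or queue or idle < tail_ticks:
        while pending and pending[0] <= t:      # keys typed since last tick
            queue.append(pending.popleft())
        if queue:
            queue.popleft()                     # at most one key per tick
            out.append((t, True))
            idle = 0
        else:
            out.append((t, False))              # idle-time (dummy) packet
            idle += 1
        t += tick_ms
    return out


def observed_gaps(times_ms):
    """Inter-packet gaps, which is all a passive observer can measure."""
    return [b - a for a, b in zip(times_ms, times_ms[1:])]


# Constructed sample: five keystrokes with uneven gaps (ms), not a real capture.
SAMPLE = [0, 95, 140, 410, 455]

if __name__ == "__main__":
    print("raw gaps:    ", observed_gaps(SAMPLE))
    wire = obfuscate(SAMPLE, tail_ticks=MIN_TAIL_TICKS)
    print("on-wire gaps:", sorted(set(observed_gaps([t for t, _ in wire]))))
    print("real packets:", sum(r for _, r in wire), "of", len(wire))
```

The cost is up to one tick of added latency per keystroke and a steady stream of dummy traffic while the session is active; a burst faster than one key per tick stretches the stream and is still visible as extra duration.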