On Tue, Oct 09, 2001 at 11:32:10AM -0400, Henry Spencer wrote: > The wording is a bit confusing, but on careful reading, it sounds like > those 50ms packets are also used to convey the real keystrokes, i.e. while > the user is typing (and for 1s afterward) you see *only* the 50ms packets, > nothing else. I haven't looked at the patch(es) in question yet either, so I shouldn't say much ;-). However, if you're correct, specific timings for all keystrokes would indeed make timing analysis difficult. The part that half-worried me was the ability for an attacker to watch for non-echoed vs. echoed commands (like password prompts). I'm assuming the patch may also include a system to time the response packets and fill in random response packets to those timed fake packets. Incidentally, do these attacks apply to traffic analysis of IPSEC connections using something like FreeS/WAN? -- Michael T. Babcock CTO, FibreSpeed Ltd. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
