Jacob Appelbaum and Laura Poitras recently gave a talk titled "Reconstructing narratives" at 31C3.

http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_en_-_saal_1_-_201412282030_-_reconstructing_narratives_-_jacob_-_laura_poitras.html#video

They endorsed some technologies which are known not to have been broken by the Five Eyes at the time the documents were written, such as OTR, PGP, TOR, while discouraging people from using known-broken protocols such as PPTP VPNs and IPSEC VPNs "secured" by a preshared key, often common to all users and publicized on the ISP's website, with L2TP only providing client authentication to the ISP for accounting purposes (ok, that's a little off topic).

They also stated that the NSA has, somehow, partially compromised SSH, but they couldn't figure out how. Jacob made some confused statement about elliptic curves, but the referenced document is more clear:

http://www.spiegel.de/media/media-35515.pdf

The slide about SSH is on page 19. The NSA states that it is able to potentially recover usernames and passwords sent over SSH.

This is a wild guess, but to me this seems more pertaining to keystroke dynamics, and has been known to be possible for a while:

http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf

Text entered interactively in ssh (e.g., invoking sudo post login) may leak credentials useful for escalating privileges through other services.

Would it be possible to use ssh in canonical mode to avoid this? I think that would make text editing impossible, but couldn't a mechanism be provided to send keystrokes all at once, simulating locally the expected result meanwhile? I think MOSH already does that, and this is probably out of ssh scope.

But could it be possible to have an option allowing the user to artificially add lag before sending the keystroke? E.g., SSH will send the keystrokes at a regular interval of 500ms, adjusting the added lag in order to maintain a fixed latency between keystrokes, making it harder or impossible to gain insight into the entered text from traffic analysis.

Does this last idea make any sense?

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
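
The fixed-interval idea from the message above, sketched as an added example (not part of the original post and not OpenSSH code): each keystroke is held until the next free tick of a 500 ms grid, and the gaps an on-path observer would see are compared before and after. The function names and the arrival times in SAMPLE are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed keystroke arrival times in ms: a fast burst, then a long pause. */
static const long SAMPLE[] = { 0, 95, 310, 390, 620, 700, 4100 };
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Hold each keystroke until the first tick of an `interval`-ms grid that is
 * at or after its arrival and later than the previous keystroke's tick.
 * Fills depart[] and returns the largest lag added to any keystroke. */
long schedule_fixed_interval(const long *arrive, long *depart, size_t n,
                             long interval)
{
    long max_lag = 0, prev = -1;
    for (size_t i = 0; i < n; i++) {
        long tick = ((arrive[i] + interval - 1) / interval) * interval;
        if (prev >= 0 && tick <= prev)
            tick = prev + interval;      /* slot taken: queue to the next tick */
        depart[i] = prev = tick;
        if (tick - arrive[i] > max_lag)
            max_lag = tick - arrive[i];
    }
    return max_lag;
}

/* Number of distinct inter-packet gaps visible to a traffic observer. */
size_t distinct_gaps(const long *t, size_t n)
{
    size_t count = 0;
    for (size_t i = 1; i < n; i++) {
        size_t j;
        for (j = 1; j < i; j++)
            if (t[j] - t[j - 1] == t[i] - t[i - 1])
                break;
        if (j == i)
            count++;                     /* gap not seen before */
    }
    return count;
}

int main(void)
{
    long depart[SAMPLE_N];
    long lag = schedule_fixed_interval(SAMPLE, depart, SAMPLE_N, 500);
    printf("distinct gaps raw=%zu shaped=%zu, worst added lag=%ld ms\n",
           distinct_gaps(SAMPLE, SAMPLE_N), distinct_gaps(depart, SAMPLE_N), lag);
    return 0;
}
```

In this sample the per-key timing inside the burst collapses to a single 500 ms gap, but typing faster than the grid makes the queue lag grow, and the long pause still shows up as a multiple of the interval unless idle ticks carry dummy packets.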