discussion about keystroke timing attacks against SSH on the cryptography ML

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi folks.

FYI:
There's a discussion[0] about keystroke timing attacks against SSH going
on on the cryptography mailing list.

Would be interesting to hear the opinion of some OpenSSH folks what
SSH/OpenSSH is doing against this and what could maybe be don in
addition.
Especially since the main idea behind the attack is obviously not
limited to the initial authentication phase when a password is entered
and characters would be sent one-by-one... but applicable more generally
to any interactive sessions.

Cheers,
Chris.


[0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux