Christoph Anton Mitterer wrote:
Hi folks. FYI: There's a discussion[0] about keystroke timing attacks against SSH going on on the cryptography mailing list. Would be interesting to hear the opinion of some OpenSSH folks what SSH/OpenSSH is doing against this and what could maybe be don in addition. Especially since the main idea behind the attack is obviously not limited to the initial authentication phase when a password is entered and characters would be sent one-by-one... but applicable more generally to any interactive sessions.
This is why I use LINEMODE/EXTPROC... https://github.com/hyc/OpenSSH-LINEMODE
Cheers, Chris. [0] http://www.metzdowd.com/pipermail/cryptography/2015-January/024284.html _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
