I wrote: > There were a series of papers some time ago -- one of them is at > http://www.cs.virginia.edu/cs588/projects/reports/team4.pdf -- which > claimed that it was possible to guess which keys a user presses by > measuring the time between keystrokes. Aaron Gaudio replied: > I'm not privvy to the intricacies to the ssh authentication protocol, but > why doesn't/can't the ssh client simply not send any of the password until > the user presses Enter, thereby defeating this attack against an initial > ssh authentication (presumably the ssh client knows when the server is > asking for a password)? I should have made this clearer: it does. At least when the connection is first established. The problem is when the user is asked for passwords later (e.g. su or sudo). > As for other passwords, such as sent to sudo once > the connection is established, the connection is encrypted, so it seems > unlikely the attack would work. Although the connection is encrypted, the fact that one exists can be deduced (an attacker, in the right place, can see all those encrypted packets going backwards and forwards). He or she can even tell when they go, and how big they are, and deduce some details about what is happening (a screen refresh is a lot bigger than a single character being displayed). > And if all else fails, the ssh client could > (maybe it already does) insert some artificial random delays into > transmissions coming from key entries. For that to work, the client would have to recognise when the server was asking for a password. That would mean deducing the intent of what was displayed. OpenSSH clients don't interpret the display at all: they just pass it on to the terminal. PuTTY, of course, has an integrated terminal emulator, but it still only displays what is sent: it has no notion of "su". Alternatively, of course, you could just drop these delays into all communication. To be effective, you'd need enough delays that it might be noticable over a slow connection. I've got ssh users over such slow connections, and I can tell you they'd not be happy about it. A cleaner solution would be to invent an API and a terminfo code for programs to request passwords from a terminal, and terminals that would know to prompt for a password and not send anything until Return was pressed. If you patched su, sudo and passwd to use such a thing, and PuTTY and several of the Linux xterms to understand the codes, you could probably get enough momentum for most other vendors to jump on board. The fact that this hasn't happened should tell you something -- notably that it is a highly theoretical weakness, and none of the professional paranoids are sufficiently worried. James. -- E-mail address: james | "It has taken 24 years to get the Reichstag wrapped. @westexe.demon.co.uk | Chancellor Kohl said it would only be wrapped over | his dead body, so sensing an opportunity the | Bundestag outvoted him." -- The Guardian
