Just off the top of my head (I have to check the SSH protocol yet): Why not encipher all accumulated keystrokes up to the <Enter> key as a block send them instead of sending each keystroke as it is typed? This shrouds the typist's characteristics. In addition, if the cipher is a block cipher, padding is added to make the number of bits a multiple of the block size. Mandatory padding with a nonce may help to shroud the number of keystrokes. The drawback is that the padding part could mean that we are no longer compatible with the SSH protocol.
- Re: Patching a SSH 'Weakness' Paul de Weerd
- Re: Patching a SSH 'Weakness' STeve Andre'
- Re: Patching a SSH 'Weakness' Aaron Glenn
- Re: Patching a SSH 'Weakness' Johan Beisser
- Re: Patching a SSH 'Weakness' Damien Miller
- Re: Patching a SSH 'Weakness' STeve Andre'
- Re: Patching a SSH 'Weakness' Giancarlo Razzolini
- Re: Patching a SSH 'Weakness' Mike M
- Re: Patching a SSH 'Weakness' Kevin Neff
- Re: Patching a SSH 'Weakness' johan beisser
- Patching a SSH 'Weakness' ge7r85o02
- Re: Patching a SSH 'Weakness' Andreas Kahari
- Re: Patching a SSH 'Weakness' Ross Cameron
- Re: Patching a SSH 'Weakness' Vadim Zhukov
- Re: Patching a SSH 'Weakness' (private) HKS
- Re: Patching a SSH 'Weakness' Ryan Corder
- Re: Patching a SSH 'Weakness' Damien Miller
- Re: Patching a SSH 'Weakness' ge7r85o02
- Re: Patching a SSH 'Weakness' Ted Unangst
- Re: Patching a SSH 'Weakness' Jacob Yocom-Piatt
- Re: Patching a SSH 'Weakness' Stuart Henderson
