Re: Patching a SSH 'Weakness'

Hi! On Fri, Sep 12, 2008 at 07:41:05PM +0300, Toni Spets wrote: >Stuart Henderson wrote: >>On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >>> To all who opposed the suggestion to send one block of data >>> when the key is pressed: my suggestion strictly referred >>> to the login proc

Re: Patching a SSH 'Weakness'

On 13 Sep 2008, at 04:46 , johan beisser wrote: On Fri, Sep 12, 2008 at 05:42:08PM -0700, johan beisser wrote: It's just a improbable attack. One that's easily defended against by maintaining the interactive shell/echoback and simply push additional Was it you who said earlier that you weren

Re: Patching a SSH 'Weakness'

On Saturday 13 September 2008, johan beisser wrote: > On Sep 13, 2008, at 5:49 AM, steve szmidt wrote: > > Yes, the US had it for a while but a recent ruling has reversed that. > > Really? I never heard of it ever being passed in the first place. > > If it's the case I'm thinking of, the key couldn

Re: Patching a SSH 'Weakness'

On Sunday 14 September 2008, Stuart Henderson wrote: > On 2008-09-14, J.C. Roberts <[EMAIL PROTECTED]> wrote: > > In the UK, it seems there's such a law. > > > > Page 1: > > http://networks.silicon.com/mobile/0,39024665,39282266,00.htm Page > > 2: > > http://networks.silicon.com/silicon/networks/mo

Re: Patching a SSH 'Weakness'

On 2008-09-14, J.C. Roberts <[EMAIL PROTECTED]> wrote: > In the UK, it seems there's such a law. > > Page 1: http://networks.silicon.com/mobile/0,39024665,39282266,00.htm > Page 2: > http://networks.silicon.com/silicon/networks/mobile/0,39024665,39282266-2,00.htm > > "The team cracks low-grade enc

Re: Patching a SSH 'Weakness'

On Saturday 13 September 2008, johan beisser wrote: > On Sep 13, 2008, at 5:49 AM, steve szmidt wrote: > > Yes, the US had it for a while but a recent ruling has reversed > > that. > > Really? I never heard of it ever being passed in the first place. > > If it's the case I'm thinking of, the key co

Re: Patching a SSH 'Weakness'

On Sep 13, 2008, at 5:49 AM, steve szmidt wrote: Yes, the US had it for a while but a recent ruling has reversed that. Really? I never heard of it ever being passed in the first place. If it's the case I'm thinking of, the key couldn't be compelled from the guy due to how they were trying t

Re: Patching a SSH 'Weakness'

On Sep 13, 2008, at 3:21 AM, Toni Spets wrote: What about some known patterns like "screen (-r)" from the start of every session for example in an IRC shell where most people do that first? Could it be used with lots of data to crack open future sessions? I would say "yes it's possible. B

Re: Patching a SSH 'Weakness'

On Saturday 13 September 2008, Jonathan Schleifer wrote: > > I don't know a single country where you are forced to hand over keys, > but not to hand over passwords > > -- > Jonathan Yes, the US had it for a while but a recent ruling has reversed that. -- Steve Szmidt "They that would give u

Re: Patching a SSH 'Weakness'

johan beisser wrote: Given enough time and enough response packets you might be able to figure out which two letter commands were given at any given time. Section 6 of RFC4253[1] should provide some level of masking to which character is typed outbound to the remote system and more than bit on

Re: Patching a SSH 'Weakness'

Am 13.09.2008 um 11:36 schrieb Stuart Henderson: > Not always. You might connect to another machine and connect > out again from there. You could directly connect from your machine to the other machine. You might bring the argument that you can't get a direct connection, but for that purpose, SSH

Re: Patching a SSH 'Weakness'

On 2008-09-13, Jonathan Schleifer <[EMAIL PROTECTED]> wrote: > Am 12.09.2008 um 23:19 schrieb Stuart Henderson: > >> On 2008/09/12 13:59, Marti Martinez wrote: >>> On Fri, Sep 12, 2008 at 1:16 PM, Stuart Henderson <[EMAIL PROTECTED] >>> >wrote: >>> > Wait, how do you know someone is typing a p

Re: Patching a SSH 'Weakness'

Am 12.09.2008 um 23:19 schrieb Stuart Henderson: > On 2008/09/12 13:59, Marti Martinez wrote: >> On Fri, Sep 12, 2008 at 1:16 PM, Stuart Henderson <[EMAIL PROTECTED] >> >wrote: >> Wait, how do you know someone is typing a password inside the session and not just writing a text fi

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 9:43 PM, Darrin Chandler wrote: I'm saying what he's wanting to prevent - Eve watching input and output to figure out passwords, based on keyboard timing and typing patterns - isn't really an easy attack for Eve to accomplish without a huge amount of data being coll

Re: Patching a SSH 'Weakness'

On Fri, Sep 12, 2008 at 07:46:59PM -0700, johan beisser wrote: > On Sep 12, 2008, at 6:41 PM, Darrin Chandler wrote: >> Was it you who said earlier that you weren't a cryptanalyst? Well, >> neither am I, but I have come away with one lesson from them: be on the >> attack. You are on the defense, an

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 6:41 PM, Darrin Chandler wrote: On Fri, Sep 12, 2008 at 05:42:08PM -0700, johan beisser wrote: It's just a improbable attack. One that's easily defended against by maintaining the interactive shell/echoback and simply push additional Was it you who said earlier that you we

Re: Patching a SSH 'Weakness'

On Fri, Sep 12, 2008 at 05:42:08PM -0700, johan beisser wrote: > It's just a improbable attack. One that's easily defended against by > maintaining the interactive shell/echoback and simply push additional Was it you who said earlier that you weren't a cryptanalyst? Well, neither am I, but I have

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 4:08 PM, Damien Miller wrote: There is no reason to believe that keystroke timing attacks will be impossible against protocol 2 where they work against protocol 1. They might just be a little more tricky. I don't think I discounted an updated version of this attack against

Re: Patching a SSH 'Weakness'

On Fri, 12 Sep 2008, johan beisser wrote: > On Sep 12, 2008, at 3:12 PM, Philip Guenther wrote: > > > On Fri, Sep 12, 2008 at 2:05 PM, johan beisser <[EMAIL PROTECTED]> wrote: > > > > This about security. Being realistic means *not* being optimistic > > that extracting data will be "too hard",

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 3:12 PM, Philip Guenther wrote: On Fri, Sep 12, 2008 at 2:05 PM, johan beisser <[EMAIL PROTECTED]> wrote: This about security. Being realistic means *not* being optimistic that extracting data will be "too hard", "too unlikely", "only applicable to a subset of people [and c

Re: Patching a SSH 'Weakness'

On Fri, Sep 12, 2008 at 2:05 PM, johan beisser <[EMAIL PROTECTED]> wrote: ... > I'm not going to say "It's impossible." It's not. How about "really highly > unlikely" that Eve will pick up enough useful signal to decrypt which > letters are being typed by the user. I know that not everyone uses ssh

Re: Patching a SSH 'Weakness'

On Thu, 11 Sep 2008, [EMAIL PROTECTED] wrote: > Just off the top of my head (I have to check the SSH protocol yet): > Why not encipher all accumulated keystrokes up to the key as a > block send them instead of sending each keystroke as it is typed? This > shrouds the typist's characteristics. Th

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 2:28 PM, Stuart Henderson wrote: On 2008/09/12 14:05, johan beisser wrote: I'm not going to say "It's impossible." It's not. How about "really highly unlikely" that Eve will pick up enough useful signal to decrypt which letters are being typed by the user. You might lik

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 2:28 PM, Stuart Henderson wrote: On 2008/09/12 14:05, johan beisser wrote: I'm not going to say "It's impossible." It's not. How about "really highly unlikely" that Eve will pick up enough useful signal to decrypt which letters are being typed by the user. You might lik

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 7:02 AM, Kevin Neff wrote: Thanks for all the comments. I think we're all pretty much on the same page. First order of business is to look at how much of a weakness this may be. Then, implement several potential solutions. Finally, test to see if the "fixes" improve

Re: Patching a SSH 'Weakness'

On 2008/09/12 14:05, johan beisser wrote: > I'm not going to say "It's impossible." It's not. How about "really > highly unlikely" that Eve will pick up enough useful signal to decrypt > which letters are being typed by the user. You might like to read the abstract of the article which started

Re: Patching a SSH 'Weakness'

On 2008/09/12 13:59, Marti Martinez wrote: > On Fri, Sep 12, 2008 at 1:16 PM, Stuart Henderson <[EMAIL PROTECTED]>wrote: > > > > Wait, how do you know someone is typing a password inside the session > > > and not just writing a text file or typing arbitrary commands? > > > > e.g. when eve's machin

Re: Patching a SSH 'Weakness'

On Sep 12, 2008, at 1:16 PM, Stuart Henderson wrote: Wait, how do you know someone is typing a password inside the session and not just writing a text file or typing arbitrary commands? e.g. when eve's machine that's hijacking the network packets picks up an outgoing SSH connection. I'm not g

Re: Patching a SSH 'Weakness'

On Fri, Sep 12, 2008 at 1:16 PM, Stuart Henderson <[EMAIL PROTECTED]>wrote: > > Wait, how do you know someone is typing a password inside the session > > and not just writing a text file or typing arbitrary commands? > > e.g. when eve's machine that's hijacking the network packets picks > up an ou

Re: Patching a SSH 'Weakness'

On 2008-09-12, Toni Spets <[EMAIL PROTECTED]> wrote: > Stuart Henderson wrote: >> On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> > To all who opposed the suggestion to send one block of data >> > when the key is pressed: my suggestion strictly referred >> > to the login procedure,

Re: Patching a SSH 'Weakness'

"David Higgs" <[EMAIL PROTECTED]> wrote: > When it detects that *s are being echoed instead of the actual input > character. I have never seen a password prompt on a UNIX terminal that echo'd *s. -- Jonathan [demime 1.01d removed an attachment of type application/pgp-signature which had a name

Re: Patching a SSH 'Weakness'

On Fri, Sep 12, 2008 at 5:41 PM, Toni Spets <[EMAIL PROTECTED]> wrote: > Stuart Henderson wrote: >> >> On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> > To all who opposed the suggestion to send one block of data >> > when the key is pressed: my suggestion strictly referred >> > to

Re: Patching a SSH 'Weakness'

Stuart Henderson wrote: On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > To all who opposed the suggestion to send one block of data > when the key is pressed: my suggestion strictly referred > to the login procedure, not to the later data communication. I did > not mention this bec

Re: Patching a SSH 'Weakness'

Ted Unangst wrote: On Fri, Sep 12, 2008 at 4:12 AM, <[EMAIL PROTECTED]> wrote: To all who opposed the suggestion to send one block of data when the key is pressed: my suggestion strictly referred to the login procedure, not to the later data communication. I did not mention this because I t

Re: Patching a SSH 'Weakness'

Thanks for all the comments. I think we're all pretty much on the same page. First order of business is to look at how much of a weakness this may be. Then, implement several potential solutions. Finally, test to see if the "fixes" improved the situation. I like the idea of mainly patching the

Re: Patching a SSH 'Weakness'

On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > To all who opposed the suggestion to send one block of data > when the key is pressed: my suggestion strictly referred > to the login procedure, not to the later data communication. I did > not mention this because I thought it was clea

Re: Patching a SSH 'Weakness'

On Fri, Sep 12, 2008 at 4:12 AM, <[EMAIL PROTECTED]> wrote: > To all who opposed the suggestion to send one block of data > when the key is pressed: my suggestion strictly referred > to the login procedure, not to the later data communication. I did > not mention this because I thought it was cle

Re: Patching a SSH 'Weakness'

On 9/10/2008 at 2:58 PM Kevin Neff wrote: |Hi, | |Some secure protocols like SSH send encrypted keystrokes |as they're typed. By doing timing analysis you can figure |out which keys the user probably typed (keys that are |physically close together on a keyboard can be typed |faster). A careful a

Re: Patching a SSH 'Weakness'

To all who opposed the suggestion to send one block of data when the key is pressed: my suggestion strictly referred to the login procedure, not to the later data communication. I did not mention this because I thought it was clear from the context of the original poster who has expressively menti

Re: Patching a SSH 'Weakness'

On Thu, Sep 11, 2008 at 11:49:39AM -0400, (private) HKS wrote: | Also, tab-completion won't work, top won't work, control characters | won't work, vim won't work, etc etc... I'm glad someone brought up this point.

Re: Patching a SSH 'Weakness'

Also, tab-completion won't work, top won't work, control characters won't work, vim won't work, etc etc... -HKS On Thu, Sep 11, 2008 at 4:00 AM, <[EMAIL PROTECTED]> wrote: > Just off the top of my head (I have to check the SSH protocol yet): Why not > encipher all accumulated keystrokes up to t

Re: Patching a SSH 'Weakness'

STeve Andre' escreveu: > This is nearly complete bullshit. For any individual, learning > their characteristics could give rise to being able to know a > great deal about what they are doing, but hardly for the > general case. > > I know people who type blindingly fast. I'm a mutant hunt > 'n pe

Re: Patching a SSH 'Weakness'

On Thursday 11 September 2008 02:28:58 Damien Miller wrote: > On Wed, 10 Sep 2008, STeve Andre' wrote: > > On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote: > > > Hi, > > > > > > Some secure protocols like SSH send encrypted keystrokes > > > as they're typed. By doing timing analysis you c

Re: Patching a SSH 'Weakness'

On Thu, Sep 11, 2008 at 10:42 AM, Andreas Kahari <[EMAIL PROTECTED]>wrote: > I'd like to see what I'm typing, as I'm typing it, in my interactive > SSH session. Use local echo instead of remote echo then? Reduces chattiness on the link too.

Re: Patching a SSH 'Weakness'

On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote: | On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote: | > Hi, | > | > Some secure protocols like SSH send encrypted keystrokes | > as they're typed. By doing timing analysis you can figure | > out which keys the user probably

Re: Patching a SSH 'Weakness'

11 September 2008 G. 12:00:18 [EMAIL PROTECTED] wrote: > Just off the top of my head (I have to check the SSH protocol yet): > Why not encipher all accumulated keystrokes up to the key as a > block send them instead of sending each keystroke as it is typed? This > shrouds the typist's characterist

Re: Patching a SSH 'Weakness'

I'd like to see what I'm typing, as I'm typing it, in my interactive SSH session. Andreas 2008/9/11 <[EMAIL PROTECTED]>: > Just off the top of my head (I have to check the SSH protocol yet): Why not > encipher all accumulated keystrokes up to the key as a block send > them instead of sending

Patching a SSH 'Weakness'

Just off the top of my head (I have to check the SSH protocol yet): Why not encipher all accumulated keystrokes up to the key as a block send them instead of sending each keystroke as it is typed? This shrouds the typist's characteristics. In addition, if the cipher is a block cipher, padding i

Re: Patching a SSH 'Weakness'

On Wed, 10 Sep 2008, STeve Andre' wrote: > On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote: > > Hi, > > > > Some secure protocols like SSH send encrypted keystrokes > > as they're typed. By doing timing analysis you can figure > > out which keys the user probably typed (keys that are > >

Re: Patching a SSH 'Weakness'

Hell you say. I wear glasses and have been punched. Hard. In the face. Good to know I'll be immune from you. On 9/10/08, Aaron Glenn <[EMAIL PROTECTED]> wrote: > On Wed, Sep 10, 2008 at 7:56 PM, STeve Andre' <[EMAIL PROTECTED]> wrote: >> >> How about people with severe physical problems? I know

Re: Patching a SSH 'Weakness'

On Wed, Sep 10, 2008 at 7:56 PM, STeve Andre' <[EMAIL PROTECTED]> wrote: > > How about people with severe physical problems? I know a C4 > quadriplegic who types slowly, very slowly. Depending on how > he feels, his speed varies by probably a factor of 4 or so. > if I was trying to gank a quadri

Re: Patching a SSH 'Weakness'

On Wednesday 10 September 2008 15:58:03 Kevin Neff wrote: > Hi, > > Some secure protocols like SSH send encrypted keystrokes > as they're typed. By doing timing analysis you can figure > out which keys the user probably typed (keys that are > physically close together on a keyboard can be typed >

Re: Patching a SSH 'Weakness'

On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote: > On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Some secure protocols like SSH send encrypted keystrokes > > as they're typed. By doing timing analysis you can figure > > out which keys the user probably

Re: Patching a SSH 'Weakness'

Just wait until you see me type! On Thu, Sep 11, 2008 at 10:06:27AM +0900, Hari wrote: > On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Some secure protocols like SSH send encrypted keystrokes > > as they're typed. By doing timing analysis you can figure >

Re: Patching a SSH 'Weakness'

On Thu, Sep 11, 2008 at 4:58 AM, Kevin Neff <[EMAIL PROTECTED]> wrote: > Hi, > > Some secure protocols like SSH send encrypted keystrokes > as they're typed. By doing timing analysis you can figure > out which keys the user probably typed (keys that are > physically close together on a keyboard ca

Re: Patching a SSH 'Weakness'

On Wed, 10 Sep 2008, Kevin Neff wrote: > Hi, > > Some secure protocols like SSH send encrypted keystrokes > as they're typed. By doing timing analysis you can figure > out which keys the user probably typed (keys that are > physically close together on a keyboard can be typed > faster). A caref

Patching a SSH 'Weakness'

Hi, Some secure protocols like SSH send encrypted keystrokes as they're typed. By doing timing analysis you can figure out which keys the user probably typed (keys that are physically close together on a keyboard can be typed faster). A careful analysis can reveal the length of passwords and pro