Bryan Steele :flan_beard:

"Keystroke timing obfuscation" has been added to ssh(1) client in #OpenBSD -current.

This uses the recently added "ping@openssh.com" vendor extension described in the PROTOCOL file.

cvsweb.openbsd.org/src/usr.bin

djm@ modified src/usr.bin/ssh/*: Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

#OpenSSH #ssh
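The scheme in the commit message above, as a small simulation added here (not OpenSSH code and not part of the original thread): keystrokes are held until the next fixed tick, and chaff packets fill the ticks for a random time after the last real one. The 20ms interval comes from the commit message; the chaff duration range, the function names and the sample key-press times are constructed assumptions.

```python
import random

def obscure(keys_ms, interval_ms=20, chaff_range_ms=(500, 1500), rng=None):
    """Return [(send_time_ms, kind)] as seen on the wire; kind is 'real' or 'chaff'.

    chaff_range_ms is an assumed range, not a value taken from OpenSSH.
    """
    rng = rng or random.Random()
    keys = sorted(keys_ms)
    wire, i = [], 0
    while i < len(keys):
        tick = deadline = keys[i]  # first keystroke of a burst starts the clock
        while True:
            j = i
            while j < len(keys) and keys[j] <= tick:
                j += 1  # keystrokes typed since the previous tick
            if j > i:
                wire.append((tick, "real"))  # coalesced into one packet on the tick
                i = j
                deadline = tick + rng.randint(*chaff_range_ms)
            elif tick <= deadline:
                wire.append((tick, "chaff"))  # nothing typed: send a fake keystroke
            else:
                break  # chaff period over, the link goes quiet
            tick += interval_ms
    return wire

def gaps(times):
    """Inter-packet intervals, which is what a passive observer can measure."""
    return [b - a for a, b in zip(times, times[1:])]

# Constructed sample: key-press times in ms for five keystrokes.
SAMPLE_KEYS_MS = [0, 95, 310, 362, 540]

if __name__ == "__main__":
    wire = obscure(SAMPLE_KEYS_MS, rng=random.Random(1))
    print("gaps without obfuscation:", gaps(SAMPLE_KEYS_MS))
    print("distinct gaps with obfuscation:", set(gaps([t for t, _ in wire])))
    print("real packets sent at:", [t for t, k in wire if k == "real"])
```

In this model the observer sees only uniform 20ms gaps inside a burst; when the burst starts and roughly how long it lasts remain visible.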

4 comments
Nikow

@brynet Excuse my ignorance, but if I do not ask I will not know. Why does OpenBSD add such features? How does it improve my security?

Bryan Steele :flan_beard:

@nikow There's some further context in a recent discussion on the openssh-unix-dev@ mailing list.

marc.info/?t=169108819100001&r

mei
@nikow @brynet simply put, measuring just the timing of human typing can reveal information about what you're typing
js

@brynet Oh no, hopefully OpenSSH ping will not end up like OpenSSL ping! :flan_nooo:
