Behold, James Wilkinson <james(a)westexe.demon.co.uk> hath decreed:
On the possibility of "sniffing" a password sent through a
SSH-encrypted
tunnel:
There were a series of papers some time ago -- one of them is at
http://www.cs.virginia.edu/cs588/projects/reports/team4.pdf -- which
claimed that it was possible to guess which keys a user presses by
measuring the time between keystrokes.
I'm not privvy to the intricacies to the ssh authentication protocol, but
why doesn't/can't the ssh client simply not send any of the password until
the user presses Enter, thereby defeating this attack against an initial
ssh authentication (presumably the ssh client knows when the server is
asking for a password)? As for other passwords, such as sent to sudo once
the connection is established, the connection is encrypted, so it seems
unlikely the attack would work. And if all else fails, the ssh client could
(maybe it already does) insert some artificial random delays into
transmissions coming from key entries.
--
prothonotar at
tarnation.dyndns.org
"Every man is a mob, a chain gang of idiots."
- Jonathan Nolan, /Memento Mori/