Date: Wed, 22 Aug 2001 20:59:41 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: ssh password cracker - now this *is* cool!
Message-ID: <20010822205941.A98321@ussenterprise.ufp.org>
In-Reply-To: <200108230010.f7N0AGf27563@intruder.bmah.org>; from bmah@FreeBSD.ORG on Wed, Aug 22, 2001 at 05:10:16PM -0700
References: <200108222330.f7MNUUj80882@earth.backplane.com> <20010822195508.B93930@ussenterprise.ufp.org> <200108230010.f7N0AGf27563@intruder.bmah.org>

On Wed, Aug 22, 2001 at 05:10:16PM -0700, Bruce A. Mah wrote:
> > Several people on other mailing lists have pointed out that Nagle
> > should make this much harder, although it's unclear how Nagle and
> > ssh interact. So far that has resulted in a number of degenerating
> > discussions of how things work. Of course, Nagle will not help
> > between two machines on the same ethernet segment, but probably
> > would make the process described in the paper much harder.
>
> Indeed. They also didn't discuss (or I didn't see it) the effects of
> queueing or jitter in the network on their scheme.

I just had a thought. It appears from the discussion that SSH encrypts
things (internal to ssh) in whatever unit is handed to the encryption
routine, that is something like:

    for (;;) {
        read(stdin, buffer);
        encrypt(buffer);
        write(network, buffer);
    }

So, if read returns a single character, it encrypts a single character
and sends it. This results in the 20 byte packets in the article. Now,
20 bytes is small enough that Nagle might combine two of them into a
single 40 byte packet or similar making this harder. That said, it would
be much harder if something similar to Nagle was done in ssh:

    for (;;) {
        timer = gettime();
        while ((len(buffer) < 20) && ((gettime() - timer) < 20ms)) {
            read(stdin, buffer);
        }
        encrypt(buffer);
        write(network, buffer);
    }

This should allow two or three characters to go into a single block (which
would probably still be 20 bytes) and completely throw off the method they
were using.

--
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
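
Added example (not part of the original message and not ssh code): a small C
simulation of the time-window batching loop sketched in the message, reporting
how many packets an on-path observer would see, and how many still carry a
single keystroke, for several window lengths. The keystroke timings are
constructed, the function names are hypothetical, and the window is assumed to
open at the first buffered keystroke.

```c
#include <stdio.h>
#include <stddef.h>

/* Simulate sender-side coalescing of keystrokes into packets.
 * key_ms:    sorted keystroke arrival times, in milliseconds
 * window_ms: how long to keep collecting after the first buffered key
 *            (0 models the one-packet-per-read loop)
 * max_chars: buffer limit (20 in the message)
 * send_ms / chars: per-packet send time and keystroke count (outputs,
 *            each must have room for n entries)
 * Returns the number of packets placed on the wire. */
size_t coalesce(const double *key_ms, size_t n, double window_ms,
                size_t max_chars, double *send_ms, size_t *chars)
{
    size_t i = 0, pkts = 0;
    while (i < n) {
        double start = key_ms[i];
        size_t count = 1;              /* the first key always opens a batch */
        i++;
        while (i < n && count < max_chars && key_ms[i] - start < window_ms) {
            count++;
            i++;
        }
        /* A full buffer is flushed at once; otherwise wait out the window. */
        send_ms[pkts] = (count == max_chars) ? key_ms[i - 1] : start + window_ms;
        chars[pkts] = count;
        pkts++;
    }
    return pkts;
}

/* Packets holding exactly one keystroke: their spacing still tracks typing. */
size_t single_key_packets(const size_t *chars, size_t pkts)
{
    size_t k, singles = 0;
    for (k = 0; k < pkts; k++)
        if (chars[k] == 1)
            singles++;
    return singles;
}

int main(void)
{
    /* Constructed keystroke times (ms), not measured data. */
    const double keys[] = {0, 120, 250, 260, 265, 400};
    const double windows[] = {0, 20, 200};
    double send[6];
    size_t chars[6], w;

    for (w = 0; w < 3; w++) {
        size_t p = coalesce(keys, 6, windows[w], 20, send, chars);
        printf("window %3.0f ms: %zu packets, %zu single-key\n",
               windows[w], p, single_key_packets(chars, p));
    }
    return 0;
}
```

On this constructed input, only keystrokes that arrive closer together than the
window end up sharing a packet, so the window length relative to the typing
gaps decides how much timing remains visible.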
