From owner-freebsd-hackers Wed Aug 22 18:00:27 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from ussenterprise.ufp.org (ussenterprise.ufp.org [208.185.30.210]) by hub.freebsd.org (Postfix) with ESMTP id ABD6437B428 for ; Wed, 22 Aug 2001 17:59:41 -0700 (PDT) (envelope-from bicknell@ussenterprise.ufp.org)
Received: (from bicknell@localhost) by ussenterprise.ufp.org (8.11.1/8.11.1) id f7N0xf798475 for freebsd-hackers@FreeBSD.ORG; Wed, 22 Aug 2001 20:59:41 -0400 (EDT) (envelope-from bicknell)
Date: Wed, 22 Aug 2001 20:59:41 -0400
From: Leo Bicknell
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: ssh password cracker - now this *is* cool!
Message-ID: <20010822205941.A98321@ussenterprise.ufp.org>
Mail-Followup-To: Leo Bicknell , freebsd-hackers@FreeBSD.ORG
References: <200108222330.f7MNUUj80882@earth.backplane.com> <20010822195508.B93930@ussenterprise.ufp.org> <200108230010.f7N0AGf27563@intruder.bmah.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200108230010.f7N0AGf27563@intruder.bmah.org>; from bmah@FreeBSD.ORG on Wed, Aug 22, 2001 at 05:10:16PM -0700
Organization: United Federation of Planets
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Wed, Aug 22, 2001 at 05:10:16PM -0700, Bruce A. Mah wrote:
> > Several people on other mailing lists have pointed out that Nagle
> > should make this much harder, although it's unclear how Nagle and
> > ssh interact. So far that has resulted in a number of degenerating
> > discussions of how things work. Of course, Nagle will not help
> > between two machines on the same ethernet segment, but probably
> > would make the process described in the paper much harder.
>
> Indeed. They also didn't discuss (or I didn't see it) the effects of
> queueing or jitter in the network on their scheme.
I just had a thought. It appears from the discussion that SSH encrypts things (internal to ssh) in whatever unit is handed to the encryption routine, that is something like:

    for (;;) {
        read(stdin, buffer);
        encrypt(buffer);
        write(network, buffer);
    }

So, if read returns a single character, it encrypts a single character and sends it. This results in the 20 byte packets in the article. Now, 20 bytes is small enough that Nagle might combine two of them into a single 40 byte packet or similar, making this harder.

That said, it would be much harder if something similar to Nagle was done in ssh:

    for (;;) {
        timer = gettime();
        while ((len(buffer) < 20) && ((gettime() - timer) < 20ms)) {
            read(stdin, buffer);
        }
        encrypt(buffer);
        write(network, buffer);
    }

This should allow two or three characters to go into a single block (which would probably still be 20 bytes) and completely throw off the method they were using.

--
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
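The two send policies compared in the post above, as an added simulation that is not part of the thread and not ssh's own code. It replays a constructed keystroke trace (made-up timestamps, not measured data) through a per-keystroke sender and through a Nagle-like sender with a byte limit and a hold timer, and reports the records that would reach the wire. The 20 byte / 20 ms figures from the post and the 200 ms alternative are parameters chosen here for illustration; the point the run makes is that a hold timer shorter than the typical gap between keys delays every record by a constant and leaves the inter-record intervals exactly equal to the inter-keystroke intervals, so coalescing only starts to hide timing once the timer exceeds the typing gap, at the cost of interactive latency.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed keystroke trace (made up for this example, not measured data):
   arrival time in ms since the first key and the byte typed. Gaps of roughly
   90-150 ms between keys are ordinary touch-typing speed. */
typedef struct { unsigned t_ms; char c; } keystroke_t;

static const keystroke_t TRACE[] = {
    {0, 's'}, {130, '3'}, {260, 'c'}, {350, 'r'}, {500, 'e'}, {620, 't'}, {700, '!'}
};
#define TRACE_LEN (sizeof TRACE / sizeof TRACE[0])

/* One record put on the wire: when it left and how many plaintext bytes it held. */
typedef struct { unsigned send_ms; size_t len; } record_t;
#define MAX_RECORDS 64

/* Policy A, what the post describes ssh as doing: each read() result is encrypted
   and written immediately, so there is one record per keystroke and the gaps
   between records equal the gaps between keystrokes. */
size_t send_per_keystroke(const keystroke_t *ks, size_t n, record_t *out)
{
    for (size_t i = 0; i < n; i++) {
        out[i].send_ms = ks[i].t_ms;
        out[i].len = 1;
    }
    return n;
}

/* Policy B, the Nagle-like loop sketched in the post: the first byte to arrive
   opens a block, which is emitted when it reaches max_bytes or when max_wait_ms
   has elapsed since it was opened, whichever comes first. Timer expiry is
   simulated from the timestamps, so a timer flush is stamped at
   opened_ms + max_wait_ms rather than at the arrival of the next key. */
size_t send_coalesced(const keystroke_t *ks, size_t n, unsigned max_bytes,
                      unsigned max_wait_ms, record_t *out)
{
    size_t nrec = 0, buffered = 0;
    unsigned opened_ms = 0;

    for (size_t i = 0; i < n; i++) {
        if (buffered == 0) {
            opened_ms = ks[i].t_ms;                 /* first byte opens a block */
        } else if (ks[i].t_ms - opened_ms >= max_wait_ms) {
            /* timer ran out before this key arrived: the block already went out */
            out[nrec].send_ms = opened_ms + max_wait_ms;
            out[nrec].len = buffered;
            nrec++;
            buffered = 0;
            opened_ms = ks[i].t_ms;
        }
        buffered++;
        if (buffered >= max_bytes) {                /* block full: send now */
            out[nrec].send_ms = ks[i].t_ms;
            out[nrec].len = buffered;
            nrec++;
            buffered = 0;
        }
    }
    if (buffered > 0) {                             /* trailing block leaves on timer */
        out[nrec].send_ms = opened_ms + max_wait_ms;
        out[nrec].len = buffered;
        nrec++;
    }
    return nrec;
}

/* Helpers over the constructed trace so results can be checked by name. */
size_t count_per_keystroke(void)
{
    record_t r[MAX_RECORDS];
    return send_per_keystroke(TRACE, TRACE_LEN, r);
}

size_t count_coalesced(unsigned max_bytes, unsigned max_wait_ms)
{
    record_t r[MAX_RECORDS];
    return send_coalesced(TRACE, TRACE_LEN, max_bytes, max_wait_ms, r);
}

/* Plaintext length of record idx under policy B, or 0 if there is no such record. */
size_t coalesced_len(unsigned max_bytes, unsigned max_wait_ms, size_t idx)
{
    record_t r[MAX_RECORDS];
    size_t n = send_coalesced(TRACE, TRACE_LEN, max_bytes, max_wait_ms, r);
    return idx < n ? r[idx].len : 0;
}

static void dump(const char *label, const record_t *r, size_t n)
{
    printf("%s: %zu records\n", label, n);
    for (size_t i = 0; i < n; i++)
        printf("  t=%4u ms  %zu byte(s)\n", r[i].send_ms, r[i].len);
}

int main(void)
{
    record_t r[MAX_RECORDS];
    size_t n = send_per_keystroke(TRACE, TRACE_LEN, r);
    dump("per keystroke", r, n);
    n = send_coalesced(TRACE, TRACE_LEN, 20, 20, r);
    dump("coalesced, 20 bytes / 20 ms", r, n);
    n = send_coalesced(TRACE, TRACE_LEN, 20, 200, r);
    dump("coalesced, 20 bytes / 200 ms", r, n);
    return 0;
}
```

On this trace the 20 ms timer still yields seven single-byte records whose spacing matches the keystrokes, while a 200 ms timer folds the seven keys into four records of 2, 2, 2 and 1 bytes, which is the effect the post is after. A real implementation would drive the timer with poll() or select() on the terminal descriptor rather than the busy loop sketched in the post, and would pad each record to the cipher block so that the byte count of a record does not itself reveal how many keys it carries.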