Date: Wed, 22 Aug 2001 20:02:26 -0500 From: Alfred Perlstein <bright@mu.org> To: Leo Bicknell <bicknell@ufp.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: ssh password cracker - now this *is* cool! Message-ID: <20010822200226.W81307@elvis.mu.org> In-Reply-To: <20010822205941.A98321@ussenterprise.ufp.org>; from bicknell@ufp.org on Wed, Aug 22, 2001 at 08:59:41PM -0400 References: <200108222330.f7MNUUj80882@earth.backplane.com> <20010822195508.B93930@ussenterprise.ufp.org> <200108230010.f7N0AGf27563@intruder.bmah.org> <20010822205941.A98321@ussenterprise.ufp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* Leo Bicknell <bicknell@ufp.org> [010822 20:00] wrote:
> On Wed, Aug 22, 2001 at 05:10:16PM -0700, Bruce A. Mah wrote:
> > > Several people on other mailing lists have pointed out that Nagle
> > > should make this much harder, although it's unclear how Nagle and
> > > ssh interact. So far that has resulted in a number of degenerating
> > > discussions of how things work. Of course, Nagle will not help
> > > between two machines on the same ethernet segment, but probably
> > > would make the process described in the paper much harder.
> >
> > Indeed. They also didn't discuss (or I didn't see it) the effects of
> > queueing or jitter in the network on their scheme.
>
> I just had a thought. It appears from the discussion that SSH encrypts
> things (internal to ssh) in whatever unit is handed to the encryption
> routine, that is something like:
>
> for(;;) {
> read(stdin, buffer);
> encrypt(buffer);
> write(network, buffer);
> }
>
> So, if read returns a single character, it encrypts a single character
> and sends it. This results in the 20 byte packets in the article. Now,
> 20 bytes is small enough that Nagle might combine two of them into a
> single 40 byte packet or similar making this harder. That said, it would
> be much harder if something similar to Nagle was done in ssh:
>
> for (;;) {
> timer = gettime();
> while ((len(buffer) < 20) && ((gettime() - timer) < 20ms)) {
> read(stdin, buffer);
> }
> encrypt(buffer);
> write(network, buffer);
> }
>
> This should allow two or three characters to go into a single block (which
> would probably still be 20 bytes) and completely throw off the method they
> were using.
I think introducing any sort of latency would really suck, instead you
might want to consider the idea (as I've already suggested) of injecting
false 'empty' packets into the stream to throw off this sort of
cryptoanalysis.
--
-Alfred Perlstein [alfred@freebsd.org]
Ok, who wrote this damn function called '??'?
And why do my programs keep crashing in it?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010822200226.W81307>