Adding chaff might be easier and less disruptive. Have SSH randomly send non-keystroke keystroke-like packets every so often. Latency wouldn't be affected much.
You could also randomly time-shift key characters by a millisecond or two every so often. I don't think a user would notice that.
Posted Sep 18, 2008 18:17 UTC (Thu) by felixfix (subscriber, #242)
Those are both better ideas :-) The chaff one is fun, but the time shifting sender is the best, since it produces no chaff for the receiver to have to discard. My batching idea might also require a receiver change, if keystroke packets can only have single keys now. The time shifter can be done entirely on the sender side and the receiver will never know the difference.
Buffer keys at 100 ms intervals
Posted Sep 18, 2008 19:29 UTC (Thu) by docwhat (subscriber, #40373)
Sure. Implement the key jitter-time-shift idea now. Then later you can add stuff that requires the receiver to understand it's chaff.
Ideally, the packets should be the same size, so keys and chaff should both be the same structure except that the chaff has an extra bit saying it's chaff.
An alternative that may be implementable now (I don't know much about the SSHv2 protocol) is to use a bogus encryption key so that it is rejected on the receiving side. That'll add additional confusion to anyone trying to break the stream as they'll have to separate the differently encrypted packets from one another.
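An added sketch, not part of the thread and not OpenSSH code, that measures what a passive observer can still learn about inter-key gaps under the three ideas discussed above: a 1-2 ms sender-side time shift, buffering on a 100 ms tick, and same-sized chaff packets. The typing model (gaps of 80 to 400 ms), the function names and the parameters are assumptions made for the illustration.

```python
import random

def key_times(n, rng):
    """Constructed sample: send times (ms) for n keys typed 80-400 ms apart."""
    t, out = 0.0, []
    for _ in range(n):
        t += rng.uniform(80.0, 400.0)
        out.append(t)
    return out

def jitter(times, rng, max_shift_ms=2.0):
    """Sender-side time shift: hold each key packet back by 0..max_shift_ms."""
    return [t + rng.uniform(0.0, max_shift_ms) for t in times]

def batch(times, tick_ms=100.0):
    """Buffer keys and flush on a fixed tick: each key leaves at the next tick."""
    return [(int(t // tick_ms) + 1) * tick_ms for t in times]

def gaps(times):
    return [b - a for a, b in zip(times, times[1:])]

def gap_error(true_times, seen_times):
    """Mean absolute error (ms) in the inter-key gaps an observer measures."""
    pairs = zip(gaps(true_times), gaps(seen_times))
    errs = [abs(g - s) for g, s in pairs]
    return sum(errs) / len(errs)

def with_chaff(times, rng, chaff_per_key=1.0):
    """Add same-sized dummy packets at random times; returns sorted (time, is_key)."""
    n_chaff = int(len(times) * chaff_per_key)
    chaff = [(rng.uniform(0.0, times[-1]), False) for _ in range(n_chaff)]
    return sorted([(t, True) for t in times] + chaff)

def real_gap_fraction(stream):
    """Fraction of observed packet gaps that are genuine key-to-key gaps."""
    pairs = list(zip(stream, stream[1:]))
    return sum(a[1] and b[1] for a, b in pairs) / len(pairs)

if __name__ == "__main__":
    rng = random.Random(2008)  # fixed seed so the run is repeatable
    keys = key_times(500, rng)
    print("jitter 2 ms   gap error: %.2f ms" % gap_error(keys, jitter(keys, rng)))
    print("batch 100 ms  gap error: %.2f ms" % gap_error(keys, batch(keys)))
    print("chaff 1:1     real gaps: %.0f%%" % (100 * real_gap_fraction(with_chaff(keys, rng))))
```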