On Sep 12, 2008, at 9:43 PM, Darrin Chandler wrote:
I'm saying what he's wanting to prevent - Eve watching input and
output to
figure out passwords, based on keyboard timing and typing patterns
- isn't
really an easy attack for Eve to accomplish without a huge amount
of data
being collected first.
Between my house and my servers are places that see pretty much all my
traffic, every day, over long periods of time. The closer in the
network
you get to either me or my servers, the more true that is.
At no time did I say Eve couldn't figure out other bits of
information by
treating the system as a black box and simply watching what goes in
vs what
comes out, or quietly sending in her own inputs.
Why treat it as a black box? Why limit it to "other bits?" The
question
is what can Eve see, and what can she do with it?
If Eve is in one of the switches and routers between you and the
system, why would she not treat the traffic (assuming Eve wants to be
undiscovered) as a black box? Capturing the traffic is easy. Finding
something useful in the patterns is hard and intensive analysis work,
dumping the ssh traffic specifically to gather enough to crack keys is
attacking the hardest piece of the puzzle. It's dumb unless you have a
shortcut of some sort: algorithmic screwup, someone screwing up an
required library, OpenSSL on Debian, or are a very good cryptographer
who happens to know an unpublished method to break OpenSSHs transport
encryption cyphers.
By "other bits" I mean correlated events. Let's say Eve sees 40 ssh
interactive packets enter the system, appropriate number of response
packets from the system to the appropriate remote IP, then traffic out
from a known IRC session to port 6667 of irc.efnet.org of roughly 35
characters (plus IRC protocol traffic as padding). She can't really
claim causation, but there's a good reason to see correlation. From
that Eve may get a system username, irc name, and possibly a few other
pieces of useful information. Or, she may get the information for an
IRC bot. Or information a system that's forwarding IRC through ssh to
irc.efnet.org.
I see what you mean, but the things you've been proposing are add-on
things that won't be adopted by the masses. I have trouble getting
people to use public key authentication, and that should be a
no-brainer.
I'm not proposing anything as an add-on. I do not see Eve as a direct
threat, therefor I don't inject extra noise to my ssh sessions. I rely
on the fact that folk much smarter than myself corrected and accounted
for the weaknesses in SSH1 when they designed and deployed SSH2.
Since someone is proposing a fundamental change in how OpenSSH
interacts with the shell, giving them a viable alternative which meets
the results they want makes my life easier.
That is your game, not mine. Your game is "see how difficult this can
be?"
No, my game is "why attack the hard math when there's far easier
systems and methods available." I do not think that someone will go
through the effort of discovering a password by keystroke timing
analysis and attacking the algorithm directly. Even in 2001, when this
paper was first published, I thought it was unlikely to be a real
threat. AFAIK, it still hasn't, even against SSH1. Hell, by then I
already had SSH2 as a default protocol, and it was enforced on all
systems I administrated; because of the key disclosure problem exposed
in February of that same year.
Like the EFF cracking a single DES key in 1998, attacking the session
might prove possible given enough - and the right - hardware to throw
at the problem. Short of a government or highly organized crime ring,
who has the time, hardware, and motivation to attack captured SSH2
traffic? Who would get enough session traffic to be able to recover
session keys? I suspect it would be easier to recover host key on the
remote system through badly coded PHP, or to bruteforce an account.
I'm very likable, and if I missed your point twice I got it after that
from the other messages you've sent. It's the same point over and
over.
Yes. KISS rule, probabilities on what's going to be attacked first.
