-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > During an IM session earlier today, Jonathan Schleifer mentioned to me > that he thinks the work of Song, Wagner, and Tian on SSH might apply > equally to instant messaging traffic: > > http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf > > For an opposing view see: > > http://www.cs.virginia.edu/~evans/cs588-fall2001/projects/reports/team4.pdf > > It seems to me quite possible that IM traffic is more susceptible to > attacks of this kind than SSH is, especially given the existence of > things like chat state notifications: > > http://www.xmpp.org/extensions/xep-0085.html > > Thoughts? > > /psa
I personally totally fail to see how this attack applies to IM/XMPP. They are specifically taking advantage of the fact that SSH sends characters one-by-one in interactive mode to make brute-forcing easier by comparing the timing with gathered statistics for certain character combinations. This does not apply to XMPP at all. There is no traffic sent giving an attacker any clue how much time went by between a user typing two characters (AFAIK that is). Additionally typing notifications are not a good indicator of the length of a message, because a user might also delete characters (I have personally been typing rather short messages for minutes and rather long ones in seconds). If Jonathan has any other attacks in mind or found a way to apply this technique to XMPP I'd really like to hear about it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIl79Z0JXcdjR+9YQRAn1+AJsH2lQFVAsPSkAD9n2hTUTHXpez7ACfQAQt MFqGYIW1dRPUkAvysh+nfGc= =LO4R -----END PGP SIGNATURE-----
