[Cryptech Tech] goals / use cases

Fredrik Thulin fredrik at thulin.net
Wed Jan 28 18:43:06 UTC 2015

Previous message: [Cryptech Tech] goals / use cases
Next message: [Cryptech Tech] goals / use cases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday, January 28, 2015 06:40:28 PM Bernd Paysan wrote:
> Am Mittwoch, 28. Januar 2015, 16:30:33 schrieb Fredrik Thulin:
> > This exfiltration was said to be observable by even a passive attacker
> > sniffing an SSH session. Ouch.
> 
> AFAIK that was observing people typing in a password, and there, the timing
> interval correlates with the keys.  And SSH does not have an "accumulate all
> keystrokes for a password" mode.

Hmm, no I think that sounds like the age old SSH passive monitoring attack by 
Solar Designer

  http://www.openwall.com/articles/SSH-Traffic-Analysis

(see Interactive session weaknesses).

I think the one I remembered and talked about was this USENIX paper

  https://www.usenix.org/legacy/event/sec06/tech/shah/shah_html/jbug-Usenix06.html

Anyway, the point as Randy says is that there is no end to the possible side 
channel attacks in black box chips.

/Fredrik

Previous message: [Cryptech Tech] goals / use cases
Next message: [Cryptech Tech] goals / use cases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list