IETF-SSH archive
Re: Traffic Analysis
In article <Pine.HPX.4.58.0501161506080.12089%edison.cisco.com@localhost> you write:
>9.2.9 Traffic Analysis
>
> Passive monitoring of any protocol may give an attacker some
> information about the session, the user, or protocol specific
> information that they would otherwise not be able to garner. For
> example, it has been shown that traffic analysis of an SSH session
> can yield information about the length of the password. [Openwall]
> Implementors should use the SSH_MSG_IGNORE packet as described in
> [SSH-TRANS] along with any other methods they may find to prevent
> traffic analysis.
It might also be worth mentioning that the "random padding" field can be
used to obscure the length of packets. I'd suggest, after "SSH_MSG_IGNORE
packet" adding ", and variable-length random padding,", though that wording
could doubtless be improved.
--
Ben Harris
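
A sketch of the variable-length random padding suggested above, as an added example that is not part of the original message or of any SSH implementation. It assumes the binary packet layout from [SSH-TRANS] (4-byte packet_length, 1-byte padding_length, payload, random padding; the total a multiple of the cipher block size or 8, whichever is larger, with 4 to 255 bytes of padding); the function names are hypothetical.

```python
import os
import secrets
import struct

MIN_PAD = 4    # at least four bytes of padding are required
MAX_PAD = 255  # padding_length is a single byte


def padding_choices(payload_len, block_size=8):
    """Every legal padding length for a payload of payload_len bytes."""
    align = max(8, block_size)
    # packet_length (4) + padding_length (1) + payload + padding must be
    # a multiple of align.
    smallest = -(5 + payload_len) % align
    if smallest < MIN_PAD:
        smallest += align
    return list(range(smallest, MAX_PAD + 1, align))


def build_packet(payload, block_size=8, vary=True):
    """Plaintext binary packet (before encryption, MAC not included)."""
    choices = padding_choices(len(payload), block_size)
    pad_len = secrets.choice(choices) if vary else choices[0]
    header = struct.pack(">IB", 1 + len(payload) + pad_len, pad_len)
    return header + payload + os.urandom(pad_len)


def observed_sizes(payload_len, block_size=8, vary=True):
    """Packet sizes a passive observer could see for this payload length."""
    choices = padding_choices(payload_len, block_size)
    if not vary:
        choices = choices[:1]
    return {5 + payload_len + pad for pad in choices}


if __name__ == "__main__":
    # Constructed sample: payloads of 7 and 8 bytes.
    for vary in (False, True):
        a, b = observed_sizes(7, vary=vary), observed_sizes(8, vary=vary)
        print(f"vary={vary}: 7-byte sizes={len(a)}, 8-byte sizes={len(b)}, "
              f"shared={len(a & b)}")
```

With minimal padding the two payload lengths map to distinct packet sizes (16 and 24 bytes); with a randomly chosen padding length they share 31 possible sizes, so a single observed size no longer identifies the payload length.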