IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
Damien Miller <djm%mindrot.org@localhost> writes:
>There have been quite a few fingerprinting attack against websites using
>object sizes, e.g. Vincent Berg's work.
Sure, I'm aware of just under three dozen, but encrypted vs.unencrypted
lengths don't play a major role, they're used because they're there, not
because they're critical to the success of the process. You've got TCP
packet sizes (which generally make length-encryption irrelevant), packet
timing, message flows, everything that can be used will be used. In
particular, "Timing Analysis of Keystrokes and Timing Attacks on SSH"
worked against SSH even though the lengths were encrypted.
More or less the same debate is currently occurring on the TLS list,
where I commented that:
If you want to thwart traffic analysis, you need to do something
like what's done by designs like Aqua ("Towards Efficient Traffic-
analysis Resistant Anonymity Networks"), or ideas from any of the
other anti-traffic-analysis work that's emerged in the past decade
or two.
You get traffic analysis resistance by, for example, breaking data into
fixed-length packets, using cover traffic, and messing with packet
timings, not by encrypting TLS headers.
Peter.
Home |
Main Index |
Thread Index |
Old Index