OpenSSH 9.5 introduced keystroke timing obfuscation to mitigate timing attacks based on traffic analysis. Despite this, a researcher discovered a bypass that allows the real keystroke packets to be identified among the obfuscating 'chaff' packets. Using SSHniff and latency analysis tools, the researcher could infer the commands typed during an SSH session, highlighting shortcomings in the current obfuscation method. The bypass relies on recognizing the larger packet sizes produced by genuine user keystrokes once the chaff has been triggered.

15 min read. From crzphil.github.io

Table of contents

- Introduction
- The existing problem
- Obfuscation in a Nutshell
- Discovering the Bypass
- Fat Packets
- SSHniff
- Keystroke Latency Analysis