SSH Vulnerabilities Put User Data At Risk Of Traffic Analysis Attacks

Cryptographic researchers have identified flaws in Secure Shell (SSH) which might allow hackers to obtain information about a user's password or traffic being sent using the secure protocol. SSH has two weaknesses which might be exploited by traffic analysis that looked . . . Cryptographic researchers have identified flaws in Secure Shell (SSH) which might allow hackers to obtain information about a user's password or traffic being sent using the secure protocol. SSH has two weaknesses which might be exploited by traffic analysis that looked at the timing of keystrokes, according to a paper published by University of California, Berkeley researchers on the subject.

Firstly, if a block cipher is used, transmitted packets are packed with only an eight-bit boundary, which reveals the approximate size of original data. The second issue is that while in interactive mode every keystroke a user types is sent in a separate IP packet after a key is pressed, which gives information on a user's typing.

The link for this article located at TheRegister is no longer available.