News

Researchers from the University of California at Berkeley recently published a study on statistical analysis of passwords transmitted over encrypted connections paris.cs.berkeley.edu/~dawnsong/ssh-timing.html.

The attack presented by the researchers does not pose a practical threat to SSH Secure Shell users because:

• SSH Secure Shell transmits the user's normal login password in one encrypted packet. Thus, timing the individual characters by monitoring the encrypted traffic is not possible.
  
• Determining the length of the packet as described in the article is not possible, because SSH Secure Shell 3.0.0 and later pad the password packet so that its length cannot be determined.
  
• If a password to another application or server is typed over an established SSH Secure Shell connection, performing timing analysis on this password is theoretically possible. However, it is not practical in reality, because:
  
  
  
  
  • The attack requires reliable per-user reference data on keystroke timings, which requires co-operation from the user.
    
  • Determining where a password starts in an encrypted connection is probabilistic, and the analysis is confused by falsely guessed password locations in the session.
    
  • According to our analysis, performing the attack on a realistic 8-character password with unrestricted character set would require approximately 120 terabytes (120 000 gigabytes) of memory, which is not feasible with the technology available in the next several years.
    
  
  
• Even if someone was able to successfully perform the attack, it would only reduce the work factor for trying all possible passwords by a factor of 50, which corresponds to shortening the password by approximately one character (i.e., an 8-character password would become effectively a 7-character password which would still have to be guessed correctly).
  

SSH Secure Shell has been pioneering advanced authentication methods which are not susceptible to the statistical attack. RSA authentication and the SSH Authentication Agent provide secure login and single sign-on even when connecting to other machines over an established connection. Combined with SSH Certifier, SSH Secure Shell offers manageable, secure token or digital signature based authentication infrastructure that completely avoids the weaknesses of traditional passwords.

© 2002 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.