Bugtraq mailing list archives

Re: Remote Timing Techniques over TCP/IP


From: Solar Designer <solar () openwall com>
Date: Fri, 19 Apr 2002 05:28:10 +0400

On Thu, Apr 18, 2002 at 09:45:53AM -0500, Mauro Lacy wrote:
> REMOTE TIMING TECHNIQUES

It's good to see this kind of weakness starting to be publicized.  I
know there's another similar paper to be published soon.

We've been discussing the possibility of applying a variation of Kocher's
attack against SSH clients w/ RSA/DSA authentication (where a malicious
server would obtain the client's private key and be able to use that
against another server) with Markus and Niels of OpenSSH just recently.

I don't see how a client -> server attack against SSH would be possible
(other than on usernames and such).

The leak of usernames is of course the most obvious example; pretty much
every service is affected.  Of course we avoid leaks like that in our
code (popa3d, pam_tcb on Owl), but we haven't fixed our system libraries
(such as glibc's NSS modules) yet and those are used by all services.

-- 
/sd

