[25190] in bugtraq
Re: Remote Timing Techniques over TCP/IP
daemon@ATHENA.MIT.EDU (stealth)
Sat Apr 20 15:10:29 2002
Date: Sat, 20 Apr 2002 16:45:07 +0000
From: stealth <stealth@segfault.net>
To: Solar Designer <solar@openwall.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20020420164507.GB5408@segfault.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020419052810.A25205@openwall.com>
On Fri, Apr 19, 2002 at 05:28:10AM +0400, Solar Designer wrote:
> On Thu, Apr 18, 2002 at 09:45:53AM -0500, Mauro Lacy wrote:
> > REMOTE TIMING TECHNIQUES
>
> It's good to see this kind of weaknesses to start being publicized. I
> know there's another similar paper to be published soon.
>
> We've been discussing the possibility to apply a variation of Kocher's
> attack against SSH clients w/ RSA/DSA authentication (where a malicious
> server would obtain the client's private key and be able to use that
> against another server) with Markus and Niels of OpenSSH just recently.
>
> I don't see how a client -> server attack against SSH would be possible
> (other than on usernames and such).
>
> The leak of usernames is of course the most obvious example, pretty much
> every service is affected. Of course we avoid leaks like that in our
> code (popa3d, pam_tcb on Owl), but we haven't fixed our system libraries
> (such as glibc's NSS modules) yet and those are used by all services.
Probably speaking of
http://stealth.7350.org/epta.tgz which describes timing-weaknesses
in UNIX daemons+libs. ;-)
It also contains some sourcecode which demonstrates that these attacks
are possible.
Maybe one is able to join all the stuff ;-)
regards,
S.
