Home ยป OpenSSH to Enhance Keystroke Timing Lock to Prevent Predicting Typed Words

OpenSSH to Enhance Keystroke Timing Lock to Prevent Predicting Typed Words

Damien Miller, a developer of the OpenSSH project, has introduced the ObscureKeystrokeTiming feature to lock the timing of keyboard data transmission. Instead of sending immediately, the data will now be sent at regular intervals, such as every 20 milliseconds. Additionally, fake keystrokes will be sent to create further confusion.

Although Secure Shell encrypts all data, there have been reports for over 20 years of analyzing the timing between keystrokes to predict passwords. Hackers can only see packet sizes and transmission intervals. However, since the timing of typing indicates the position of characters, it is possible to determine if characters were typed with different hands if they are typed in quick succession or if there are long pauses, it often indicates switching to typing numbers on the same hand. When hackers have enough analysis, coupled with weak passwords, they can guess the password.

It is not yet clear if this new feature will be included in the next version of OpenSSH. Generally, OpenSSH releases new versions every 1-4 months.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

End of Life for OpenSSL Version 1.1.1 necessitates an Upgrade to OpenSSL 3.x

Enhancing Protocols: Encrypted Signals Fortify Quantum Computing

SecureShell Vulnerability Patch Revealed Ahead of RHEL by AlmaLinux