Damien Miller, a developer of the OpenSSH project, has introduced the ObscureKeystrokeTiming feature to lock the timing of keyboard data transmission. Instead of sending immediately, the data will now be sent at regular intervals, such as every 20 milliseconds. Additionally, fake keystrokes will be sent to create further confusion.
Although Secure Shell encrypts all data, there have been reports for over 20 years of analyzing the timing between keystrokes to predict passwords. Hackers can only see packet sizes and transmission intervals. However, since the timing of typing indicates the position of characters, it is possible to determine if characters were typed with different hands if they are typed in quick succession or if there are long pauses, it often indicates switching to typing numbers on the same hand. When hackers have enough analysis, coupled with weak passwords, they can guess the password.
It is not yet clear if this new feature will be included in the next version of OpenSSH. Generally, OpenSSH releases new versions every 1-4 months.
Leave a Comment