O'Reilly Network: Time and Tide Wait for No Protocol: The SSH Keystroke Timing Attack | Linux Today

O’Reilly Network: Time and Tide Wait for No Protocol: The SSH Keystroke Timing Attack

Written By
Web Webster
Web Webster
Nov 9, 2001

“At the 10th Usenix Security Symposium (Washington
D.C., August 2001), U.C. Berkeley researchers Dawn Song, David
Wagner, and Xuqing Tian presented a paper titled, Timing Analysis
of Keystrokes and Timing Attacks on SSH . The paper describes their
research into applying traffic-analysis techniques to interactive
SSH connections in order to infer information about the encrypted
connection contents. The paper concludes that the keystroke timing
data observable from today’s SSH implementations reveals a
dangerously significant amount of information about user terminal
sessions–enough to locate typed passwords in the session data
stream and reduce the computational work involved in guessing those
passwords by a factor of 50.

Not surprisingly, this paper initiated a great deal of
discussion among SSH users, developers, and the security community
in general, especially in public forums such as Slashdot. In this
article, I will summarize the issues involved, discuss the paper’s
methods and conclusions, and dispel some of the often-repeated
misconceptions in the public’s reaction to this research.

The paper revolves around the notion of traffic analysis, and
while it uses SSH as a concrete example, the techniques involved
are not specific to SSH, but rather apply to most interactive
remote-terminal protocols as they are implemented today. The
principle of traffic analysis is that there is a lot of useful
information to be gleaned from the amount, timing, and direction of
network traffic, even if you can’t actually read the traffic
content itself. Suppose I’m monitoring the network port leading to
a system administrator’s office.”


Complete Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.