670 sats \ 0 replies \ @sovereign 5 Oct 2023 \ on: OpenSSH 9.5 released with keystroke timing obfuscation tech
Imagine your style of typing on a keyboard, where each keypress has its own unique timing - this can be akin to your typing "fingerprint".
For instance, you might press the letter "d" slightly faster than the letter "q" on a QWERTY keyboard, possibly because "d" is typed with a stronger finger and is centrally located.
These subtle timing differences between keystrokes can potentially be "fingerprinted" by attackers who analyze the rhythm of your typing.
Now, let’s visualize the new OpenSSH feature as a bus system: every keypress must wait at a bus stop, and a bus (data packet) arrives at a regular interval to pick them up.
Even if "d" leaves its home earlier than "q", they might arrive at the destination (the OpenSSH server) at the same time because they took the same bus.
This metaphorical bus system obscures the original typing rhythm since an observer (the attacker) can only see when each letter gets on the bus (leaves your computer) and when it gets off the bus (arrives at the server), not the exact time it left its home (when the key was pressed).
Additionally, after you’ve finished typing, extra, random letters also ride the bus, making it look like you typed more letters than you actually did.
This can further complicate an attacker's attempt to figure out how many keys you pressed, and when, enhancing the security of your typing data.