[Security] keystroke and timing attacks against IM traffic?

Florian Zeitz florian.zeitz at gmx.de
Tue Aug 5 07:15:03 CDT 2008


Jonathan Schleifer wrote:
> Florian Zeitz <florian.zeitz at gmx.de> wrote:
> 
>> If Jonathan has any other attacks in mind or found a way to apply this
>> technique to XMPP I'd really like to hear about it.
> 
> I'm not saying I found an attack, but currently, an attacker would know
> how long the message is _AND_ how long it has been typed. I could
> imagine that this may make an attack easier.
> 

I personally doubt this. While you learn the length of the message,
how long it has been typed is difficult to figure out:
http://www.cs.virginia.edu/~evans/cs588-fall2001/projects/reports/team4.pdf
cites difficulties due to network latency.
In the case of typing notifications there is additionally a delay until
a "not typing any longer" event is sent or an unknown pause before
someone presses enter (s/he might reread his message, might just press
Enter immediately, might press Enter by accident in the middle of a
message, etc.).
And as stated before you can also delete characters while "typing".
All these factors make getting a valid value for how long the message has
been typed near impossible in real life IMHO.

