[Security] keystroke and timing attacks against IM traffic?

Peter Saint-Andre stpeter at stpeter.im
Tue Aug 5 11:24:39 CDT 2008


Florian Zeitz wrote:
> Jonathan Schleifer wrote:
>> Florian Zeitz <florian.zeitz at gmx.de> wrote:
>>
>>> If Jonathan has any other attacks in mind or found a way to apply this
>>> technique to XMPP I'd really like to hear about it.
>> I'm not saying I found an attack, but currently, an attacker would know
>> how long the message is _AND_ how long it has been typed. I could
>> imagine that this may make an attack easier.
>>
> 
> I personally doubt this. While you learn the length of the message,
> how long it has been typed is difficult to figure out:
> http://www.cs.virginia.edu/~evans/cs588-fall2001/projects/reports/team4.pdf
> cites difficulties due to network latency.
> In the case of typing notifications there is additionally a delay until
> a "not typing any longer" event is sent or an unknown pause before
> someone presses enter (s/he might reread his message, might just press
> Enter immediately, might press Enter by accident in the middle of a
> message, etc.).
> And as stated before you can also delete characters while "typing".
> All these factors make getting a valid value for how long the message has
> been typed near impossible in real life IMHO.

I tend to agree. At least, I would be curious to see if anyone finds a 
real attack in this way.

/psa