Comment by coldtea

6 hours ago

>In 2023, ssh added keystroke timing obfuscation. The idea is that the speed at which you type different letters betrays some information about which letters you’re typing. So ssh sends lots of “chaff” packets along with your keystrokes to make it hard for an attacker to determine when you’re actually entering keys.

Why not just add random "jitter" to the keystroke packets, while keeping just the 1 actual packet?

Jitter could be filtered out, I presume.

  • How? You can't average out the noise here because the attack involves discriminating the different types of events from one another based on the thing you'd be averaging.

    • One clue is that you cannot predict what key the user is going to press next reliably, so the jitter would always be added to the actual key press. You can minimise that by adding constant latency, so that you could simulate pulling events back in time, but still this is going to get complex quick and still could be filtered out. As for methods, it depends on the jitter. Think of things like noise removal in audio and adaptive filtering. Adding extra packets is much easier and more secure.

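To make the trade-off discussed above concrete, here is a small simulation (added here; it is not part of the thread and not OpenSSH's code) that measures how separable two classes of keystroke gaps remain on the wire under three settings: no mitigation, delay-only random jitter, and a simplified chaff scheme that sends one packet per clock tick. The 20 ms tick, the 100 ms jitter bound, the two Gaussian gap classes and the packet scheduler are all constructed assumptions for the model; the chaff scheduler only stands in for the real behaviour. The point the replies make shows up in the numbers: jitter can only be added after a key is pressed, so it shifts and blurs the observed gaps without removing the difference between the classes, while a fixed send clock with chaff makes the observed gap sequence identical for both classes.

```python
"""Toy model: residual keystroke-timing leakage under two mitigations, as seen
by a passive observer of packet timestamps.  All numbers are constructed for
the simulation; the chaff scheduler is a simplified stand-in, not OpenSSH's."""
import random
import statistics

TICK_MS = 20.0         # assumed fixed send clock for the chaff scheme
MAX_JITTER_MS = 100.0  # assumed upper bound of the random per-packet delay


def true_intervals(rng, n, mean_ms, sd_ms):
    """Synthetic inter-keystroke gaps for one class of key pair (constructed)."""
    return [max(1.0, rng.gauss(mean_ms, sd_ms)) for _ in range(n)]


def observe_plain(intervals):
    """No mitigation: each keystroke is sent at once, so the wire shows the true gaps."""
    return list(intervals)


def observe_jitter(rng, intervals, max_jitter_ms=MAX_JITTER_MS):
    """Jitter mitigation: one packet per keystroke, each delayed by an independent
    uniform amount.  The delay can only be added after the key is pressed (the
    sender cannot know the next key in advance), and packets keep their order."""
    arrivals = [rng.uniform(0.0, max_jitter_ms)]  # first keystroke at t=0 plus its delay
    press = 0.0
    for gap in intervals:
        press += gap
        sent = max(press + rng.uniform(0.0, max_jitter_ms), arrivals[-1])
        arrivals.append(sent)
    return [b - a for a, b in zip(arrivals, arrivals[1:])]


def chaff_schedule(intervals, tick_ms=TICK_MS):
    """Chaff mitigation (simplified model): one packet on every clock tick while
    typing is in progress; a keystroke rides in the first tick at or after its
    press and every other tick carries a same-sized chaff packet.  Returns
    (tick_time, carries_keystroke) pairs; the observer never sees the flag."""
    presses = [0.0]
    for gap in intervals:
        presses.append(presses[-1] + gap)
    key_ticks = {int(-(-p // tick_ms)) for p in presses}  # ceil: next tick at/after press
    last_tick = max(key_ticks)
    return [(k * tick_ms, k in key_ticks) for k in range(last_tick + 1)]


def observe_chaff(intervals, tick_ms=TICK_MS):
    """What the wire shows under the chaff scheme: packet timestamps only."""
    times = [t for t, _ in chaff_schedule(intervals, tick_ms)]
    return [b - a for a, b in zip(times, times[1:])]


def balanced_accuracy(obs_low, obs_high):
    """Residual leakage metric: how well a midpoint threshold on observed gaps
    separates the two classes (0.5 = indistinguishable, 1.0 = fully separable)."""
    thr = (statistics.mean(obs_low) + statistics.mean(obs_high)) / 2.0
    recall_low = sum(1 for x in obs_low if x <= thr) / len(obs_low)
    recall_high = sum(1 for x in obs_high if x > thr) / len(obs_high)
    return (recall_low + recall_high) / 2.0


def compare(seed=1, n=2000):
    """Return {'none': acc, 'jitter': acc, 'chaff': acc} for the three settings."""
    rng = random.Random(seed)
    # Two constructed classes of key pairs with different typical gaps.
    fast = true_intervals(rng, n, mean_ms=80.0, sd_ms=15.0)
    slow = true_intervals(rng, n, mean_ms=150.0, sd_ms=15.0)
    return {
        "none": balanced_accuracy(observe_plain(fast), observe_plain(slow)),
        "jitter": balanced_accuracy(observe_jitter(rng, fast), observe_jitter(rng, slow)),
        "chaff": balanced_accuracy(observe_chaff(fast), observe_chaff(slow)),
    }


if __name__ == "__main__":
    for name, acc in compare().items():
        print(f"{name:>6}: balanced accuracy {acc:.2f}")
```

Running it gives roughly 0.99 for no mitigation, somewhere around 0.8 for jitter, and exactly 0.5 for chaff: the jitter model keeps the two class means 70 ms apart and merely widens the spread, so a threshold still separates them with many samples, whereas every observed gap under the chaff model is one tick regardless of what was typed.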