Re: SSH Timing attacks
A random delay in an interactive session would get annoying before it came close to properly defeating the attack. A better option is to send a constant stream of packets at a regular interval, inserting dummies when no key has been pressed. This is the original comprehensive paper on SSH traffic analysis, and research around that time did lead to some improvements in various implementations: https://people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf
(Note that this new attack is about getting timing data from the Intel chipset, where you can't otherwise observe network traffic. Attacking SSH is just used an example of one possible use for this timing data).