http://mosh.mit.edu/ http://mosh.mit.edu/mosh-paper-draft.pdf
Abstract This paper describes Mosh, a mobile shell application that supports intermittent connectivity, allows roaming, and provides speculative local echo of user keystrokes. Mosh is built on the State Synchronization Protocol, a new UDP-based protocol that securely synchronizes client and server state, even across client IP address changes. Mosh uses SSP to synchronize a character-cell terminal emulator. By maintaining the terminal state at both client and server, the Mosh client predicts the effect of user keystrokes and speculatively displays many of its predictions without waiting for the server to echo.
Hat's off to anyone brave enough to consider a correct and supportable MitM on something as complex as the ANSI/vt UTF-8 terminal protocol.
It occurred to me that if Mosh could allow the client to hide the inter-keystroke timing (and perhaps that of the response too) with minimal disruption, it could represent a great mitigation for the timing attack vulnerability presented by SSH's (effectively) packet-per-keystroke model.
The research on timing attacks always seems to indicate that any mitigation requires adding a surprisingly large amount of delay. Without something like this the amount of Nagleing needed to be useful would likely be very annoying.
- Marsh _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
