To all who opposed the suggestion to send one block of data when the <Enter> key is pressed: my suggestion strictly referred to the login procedure, not to the later data communication. I did not mention this because I thought it was clear from the context of the original poster who has expressively mentioned "passwords". You may want to reconsider the suggestion in this light. > Some secure protocols like SSH send encrypted keystrokes > as they're typed. By doing timing analysis you can figure > out which keys the user probably typed (keys that are > physically close together on a keyboard can be typed > faster). A careful analysis can reveal the length of > passwords and probably some of password itself.
Harald
