IETF-SSH archive


Re: cooked mode sessions



hyc%highlandsun.com@localhost ("Howard Chu") writes:

> I'd like to see support for client-side input processing, to eliminate
> the single-character echoing roundtrips that interactive sessions
> currently have. This should be similar to the Telnet LINEMODE option.
> For the majority of terminal sessions operating a command-line, there's
> no reason the client can't do all the input editing and just send
> complete lines to the server. This kind of feature will improve
> performance on slow links, and can also lessen the effectiveness of
> traffic-analysis attacks on a session by eliminating keystroke-timing
> information.

Why can't this be done with the current protocol spec?

> I also saw a Bubble Babble document in the archive, for encoding binary
> strings as English-readable strings. This kind of feature was present in
> the S/Key one-time-password system, and also proved to be a
> vulnerability. If the characters are typed one at a time, the language
> space is so limited that an eavesdropper can guess the remainder of the
> password before the user finishes typing it in.

Bubble Babble is intended (and currently only used) as an encoding
style for fingerprints. So the situation you describe does not apply.

Cheers,
-- 
[sjl%ssh.com@localhost          --  Sami J. Lehtinen  --           sjl%iki.fi@localhost]
[work:+358 20 5007425][gsm:+358 40 864 3001][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]


