On Tue, 9 Oct 2001, Michael T. Babcock wrote:
> If we haven't seen a packet to be encrypted in one second, holding it
> until the next 10ms mark is fine. If we've seen a packet in the last
> second but not in the last 100ms, send the packet out on the next 2ms
> marker, etc.

Hmm, it's conceivable, but it would take some careful examination of the problem to decide what the rules should be (and whether there is a rule which will solve the problem without messing up other things).

> > ...In particular, it's really dumb
> > to have passwords going across a character at a time, when there is no
> > character-by-character interaction involved.
>
> Unfortunately, this isn't just a change to 'su' or some such interactive
> application, but to the terminal application being used. If I'm 'ssh'ing
> into a remote machine on which I run 'su', ssh doesn't 'know' that that
> application doesn't need my keystrokes until the newline. If there were
> some terminal emulation way of communicating "line at a time" mode, with
> echo on or off for input, it would help.

Uh, the Telnet protocol has had such a facility for a decade (Telnet Linemode Option, RFC 1184), and I believe all modern implementations support it; certainly Linux's telnet does. There is no fundamental reason why SSH couldn't do something similar. Indeed, my impression is that it already does, although I may be wrong.

Henry Spencer
henry@xxxxxxxxxxxxx

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
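The send-time quantization rule quoted at the top of this message, worked through as an added example (not code from either poster or from any SSH implementation). The function names and the keystroke timestamps are constructed for illustration, and because the quoted rule list ends in "etc.", the sketch assumes a packet that follows its predecessor by less than 100 ms is sent immediately.

```python
import math

# Tiers stated in the quoted proposal: (minimum idle time, marker spacing), in ms.
# Checked from the longest idle time down.
TIERS_MS = [(1000, 10), (100, 2)]


def release_time_ms(arrival_ms, prev_arrival_ms):
    """Time at which a packet that became ready at arrival_ms is sent."""
    idle = math.inf if prev_arrival_ms is None else arrival_ms - prev_arrival_ms
    for min_idle, grid in TIERS_MS:
        if idle >= min_idle:
            # Hold until the next marker on this tier's grid; a packet that
            # lands exactly on a marker goes out at that marker.
            return math.ceil(arrival_ms / grid) * grid
    # ASSUMPTION: the post does not spell out the tiers behind "etc.", so this
    # sketch sends packets with less than 100 ms of idle time without delay.
    return arrival_ms


def schedule(arrivals_ms):
    """Map packet-ready times to send times, tracking the previous arrival."""
    sent, prev = [], None
    for t in arrivals_ms:
        sent.append(release_time_ms(t, prev))
        prev = t
    return sent


def gaps(times_ms):
    """Inter-packet gaps, i.e. what a passive observer of the link measures."""
    return [b - a for a, b in zip(times_ms, times_ms[1:])]


# Constructed sample: times (ms) at which keystroke packets become ready.
SAMPLE_ARRIVALS_MS = [7, 1503, 1687, 1731, 1950, 3204]

if __name__ == "__main__":
    sent = schedule(SAMPLE_ARRIVALS_MS)
    print("true gaps    :", gaps(SAMPLE_ARRIVALS_MS))
    print("observed gaps:", gaps(sent))
```

In the sample, only the pauses of a second or more come out as multiples of 10 ms, while the 44 ms gap is observed as 43 ms. How much fine-grained typing rhythm stays visible therefore depends on the tiers the post leaves as "etc.".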