Displaying 1 result from an estimated 1 matches for "securepasswordshell".
2010 Dec 27
3
openssh and keystroke timing attacks (again)
...problem. As far as I can
tell, the only countermeasure implemented in OpenSSH is that the
server will echo back dummy messages (rather than nothing) when users
enter passwords. But users expect all of their communication to be
secret... not just their passwords! (There is no project called
"SecurePasswordShell"!)
I think Jason's approach is spot on:
* keystrokes should be only sent at predetermined intervals (e.g.,
every 50ms, or 20 times a second)
* cover traffic at these fixed transmission times should be sent even
if no keystroke is pressed. This can be turned off whenever a user is
idle fo...