mosh (the mobile shell) is an interesting alternative to (open)ssh and actually uses it for authentication but its main data stream goes over UDP and is secured using a custom AES-based datagram protocol. The code and spec is all open, has been looked over, but at their own admittance has never gotten a fair "experts review".
What would be the process to get an open public security review going for a project such as mosh? -- *Maarten Billemont* (lhunath) me: http://www.lhunath.com – business: http://www.lyndir.com – http://masterpasswordapp.com
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
