[cryptography] Auditing the mobile shell's secure datagram protocol

Maarten Billemont lhunath at lyndir.com
Tue May 20 11:51:30 EDT 2014


mosh (the mobile shell) is an interesting alternative to (open)ssh and
actually uses it for authentication but its main data stream goes over UDP
and is secured using a custom AES-based datagram protocol.  The code and
spec is all open, has been looked over, but at their own admittance has
never gotten a fair "experts review".

What would be the process to get an open public security review going for a
project such as mosh?

-- 
*Maarten Billemont* (lhunath)
me: http://www.lhunath.com – business: http://www.lyndir.comhttp://masterpasswordapp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140520/7a7dac70/attachment.html>


More information about the cryptography mailing list