Hacker News new | past | comments | ask | show | jobs | submit login

    Datagrams are encrypted and authenticated using
    AES-128 in OCB mode.
I'm curious to know more details. Does it leverage existing SSH auth infrastructure (ie. keys) for that, somehow?

Not exactly, no -- it's a new roaming secure datagram protocol. It uses SSH for the initial key _exchange_: if you run "mosh-server" by itself, you'll see it spit out a random 128-bit session key that protects the mosh session.

Is the protocol documented? I've looked at DTLS and I'm wondering how you prevent replay attacks and such.

It is documented in the research paper linked from the site, yeah. The big contribution with this protocol is that every authenticated datagram represents an idempotent operation on the recipient, so we don't have to worry about replay attacks as such.

I'm not sure how a terminal session can use only idempotent operations, but it sounds cool. I'll have to read the paper!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact