
Entering the mosh pit

Posted May 17, 2017 10:15 UTC (Wed) by flussence (guest, #85566)
In reply to: Entering the mosh pit by paulj
Parent article: Entering the mosh pit

It uses AES-OCB (https://tools.ietf.org/html/rfc7253) — this is the same encryption scheme Mumble uses for voice data, so I guess there's something to it that makes it good for interactive use.


Entering the mosh pit

Posted May 17, 2017 10:38 UTC (Wed) by HenrikH (subscriber, #31152) [Link]

The nonce in OCB mode need not be secret and can thus be a counter, which makes it work well for situations like this. So you simply use the packet number as the nonce, and thus it's no problem if packets are missing (the encryption is not chained) or are received out of order.

Entering the mosh pit

Posted May 17, 2017 20:29 UTC (Wed) by cgull (guest, #115681) [Link]

Mosh's crypto is pretty simple; it's just a textbook application of using OCB with a prearranged secret for sending messages back and forth (the secret is arranged over the initial SSH connection, so of course you must trust that).

There's nothing particularly special about OCB for interactive use; it has no particular advantage for that over any other AE mode.

