xs/TODO.txt

HKExSh TODO Ideas
--
Chaff Improvements
- Zipf or other distributions for chaff freq, packetsz
- Mimicry of hand-typed traffic for chaff on interactive sessions
- Client-input chaff file data (ie., Moby Dick)

KEx: Look at ECIES: https://godoc.org/github.com/bitherhq/go-bither/crypto/ecies
ThreeBears? BIKE?, NTRU?: https://www.safecrypto.eu/pqclounge/
NIST Round 1 submissions:
  https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions


Architecture
(DONE) - Move hkexnet components other than key exchange into a proper hkex package
  (ie., hkexsh imports hkex) - hkex should be usable for other client/svr utils,
  ala 'hkex-netcat')
  (parts split out into hkexnet/*, hkexsession.go)
(DONE) - Make KEx fully-pluggable: isolate all code to do with Herradura into a
  KEx-neutral pkg so it can be swapped out for other methods (eg., DH etc.)
(DONE - test branch) - Use system password db (/etc/{passwd,shadow})

Features
(DONE) - Support for hkcp (hkex-cp) - secure file copy protocol
(DONE) - auth tokens to allow scripted hkexsh/hkexcp use
(DONE) - tunnelling - multiple tunnel sessions co-existing w/shell sessions
- non-interactive tunnel-only mode
- reverse tunnels

Alternate transports for hkexsh.Conn - HTTP-mimicking traffic, ICMP, ... ?
(Whatever golang can support for net.Dial(), net.Accept(), io.Reader/Writer
 should in principle be usable as substrate for hkex.Conn)

Install
(DONE - openrc) - init scripts for open-rc/init (and systemd, sigh)
(DONE) - make install
- common packages (yum/deb/portage)