Interesting idea, would probably work too...
Wasn't there a similar idea put forward by some researcher for a similar attack on ssh; since ssh (like telnet) pushes each character/keystroke as urgent (ie, no buffering), it was speculated you might be able to statistically deduce what keystrokes (assuming a human typer with average typing skills) were being sent based on the delay between each char sent...

Ammo

Follow up: yep, found a refrence to that: http://www.securityfocus.com/news/241

Oh, if anyone wonders, it was determined that this threat was pretty much of theoritical/academic nature because implementation difficulties and "environmental" variables (like latency...):
http://www.ssh.com/company/newsroom/article/204/
http://www.cs.virginia.edu/~evans/cs...orts/team4.pdf