How SSH Key Shielding Works
by Fnord666 from SoylentNews on (#4WTSR)
An Anonymous Coward writes:
On June 21, 2019, support for SSH key shielding was introduced into the OpenBSD tree, from which the OpenSSH releases are derived. SSH key shielding is a measure intended to protect private keys in RAM against attacks that abuse bugs in speculative execution that current CPUs exhibit.[0] This functionality has been part of OpenSSH since the 8.1 release. SSH private keys are now being held in memory in a shielded form; keys are only unshielded when they are used and re-shielded as soon as they are no longer in active use. When a key is shielded, it is encrypted in memory with AES-256-CTR; this is how it works: [...]
https://xorhash.gitlab.io/xhblog/0010.html