HackerTrans
TopNewTrendsCommentsPastAskShowJobs

SaltNHash

no profile record

Submissions

Show HN: KeyleSSH – SSH auth where the private key never exists

tide.org
4 points·by SaltNHash·6 bulan yang lalu·1 comments

The god mode vulnerability that should kill "Trust Microsoft" forever

tide.org
50 points·by SaltNHash·9 bulan yang lalu·31 comments

[untitled]

1 points·by SaltNHash·9 bulan yang lalu·0 comments

comments

SaltNHash
·3 bulan yang lalu·discuss
Great material. Good onya for sharing!
SaltNHash
·6 bulan yang lalu·discuss
Tide team here. Our dev Sasha built this PoC in a few weekends, using our SDK. Her core idea: Remove the risk of compromised keys, and the overhead of managing them at scale, by never having a key to steal. Instead the SSH signing operation is distributed across nodes using novel MPC-based threshold EdDSA – the key literally never exists in whole, not even momentarily in a TEE.

KeyleSSH is: - Browser-based SSH console - Auth via OIDC, signing via distributed novel MPC-based threshold EdDSA - appx 30 lines of core signing logic (the SDK does the heavy lifting)

It isn't (yet): - Production-ready. It's a PoC. - Fully decentralized. The nodes currently run on our testnet – we're working toward a proper decentralized mainnet. If you run infrastructure and are curious about operating nodes, happy to chat. - A silver bullet. Browser-based means endpoint compromise is still a threat vector.

Live demo: demo.keylessh.com Source: github.com/sashyo/keylessh

AMA about the protocol, the SDK, or the threat model.