HackerTrans
トップ新着トレンドコメント過去質問紹介求人

SaltNHash

no profile record

投稿

Show HN: KeyleSSH – SSH auth where the private key never exists

tide.org
4 ポイント·投稿者 SaltNHash·6 か月前·1 コメント

The god mode vulnerability that should kill "Trust Microsoft" forever

tide.org
50 ポイント·投稿者 SaltNHash·9 か月前·31 コメント

[untitled]

1 ポイント·投稿者 SaltNHash·9 か月前·0 コメント

コメント

SaltNHash
·3 か月前·議論
Great material. Good onya for sharing!
SaltNHash
·6 か月前·議論
Tide team here. Our dev Sasha built this PoC in a few weekends, using our SDK. Her core idea: Remove the risk of compromised keys, and the overhead of managing them at scale, by never having a key to steal. Instead the SSH signing operation is distributed across nodes using novel MPC-based threshold EdDSA – the key literally never exists in whole, not even momentarily in a TEE.

KeyleSSH is: - Browser-based SSH console - Auth via OIDC, signing via distributed novel MPC-based threshold EdDSA - appx 30 lines of core signing logic (the SDK does the heavy lifting)

It isn't (yet): - Production-ready. It's a PoC. - Fully decentralized. The nodes currently run on our testnet – we're working toward a proper decentralized mainnet. If you run infrastructure and are curious about operating nodes, happy to chat. - A silver bullet. Browser-based means endpoint compromise is still a threat vector.

Live demo: demo.keylessh.com Source: github.com/sashyo/keylessh

AMA about the protocol, the SDK, or the threat model.