HackerTrans
TopNewTrendsCommentsPastAskShowJobs

SaltNHash

no profile record

Submissions

Show HN: KeyleSSH – SSH auth where the private key never exists

tide.org
4 points·by SaltNHash·6 ay önce·1 comments

The god mode vulnerability that should kill "Trust Microsoft" forever

tide.org
50 points·by SaltNHash·9 ay önce·31 comments

[untitled]

1 points·by SaltNHash·9 ay önce·0 comments

comments

SaltNHash
·3 ay önce·discuss
Great material. Good onya for sharing!
SaltNHash
·6 ay önce·discuss
Tide team here. Our dev Sasha built this PoC in a few weekends, using our SDK. Her core idea: Remove the risk of compromised keys, and the overhead of managing them at scale, by never having a key to steal. Instead the SSH signing operation is distributed across nodes using novel MPC-based threshold EdDSA – the key literally never exists in whole, not even momentarily in a TEE.

KeyleSSH is: - Browser-based SSH console - Auth via OIDC, signing via distributed novel MPC-based threshold EdDSA - appx 30 lines of core signing logic (the SDK does the heavy lifting)

It isn't (yet): - Production-ready. It's a PoC. - Fully decentralized. The nodes currently run on our testnet – we're working toward a proper decentralized mainnet. If you run infrastructure and are curious about operating nodes, happy to chat. - A silver bullet. Browser-based means endpoint compromise is still a threat vector.

Live demo: demo.keylessh.com Source: github.com/sashyo/keylessh

AMA about the protocol, the SDK, or the threat model.