HackerTrans
热门最新趋势评论往期问答秀出招聘

SaltNHash

no profile record

提交

Show HN: KeyleSSH – SSH auth where the private key never exists

tide.org
4 分·作者 SaltNHash·6个月前·1 评论

The god mode vulnerability that should kill "Trust Microsoft" forever

tide.org
50 分·作者 SaltNHash·10个月前·31 评论

[untitled]

1 分·作者 SaltNHash·10个月前·0 评论

评论

SaltNHash
·3个月前·讨论
Great material. Good onya for sharing!
SaltNHash
·6个月前·讨论
Tide team here. Our dev Sasha built this PoC in a few weekends, using our SDK. Her core idea: Remove the risk of compromised keys, and the overhead of managing them at scale, by never having a key to steal. Instead the SSH signing operation is distributed across nodes using novel MPC-based threshold EdDSA – the key literally never exists in whole, not even momentarily in a TEE.

KeyleSSH is: - Browser-based SSH console - Auth via OIDC, signing via distributed novel MPC-based threshold EdDSA - appx 30 lines of core signing logic (the SDK does the heavy lifting)

It isn't (yet): - Production-ready. It's a PoC. - Fully decentralized. The nodes currently run on our testnet – we're working toward a proper decentralized mainnet. If you run infrastructure and are curious about operating nodes, happy to chat. - A silver bullet. Browser-based means endpoint compromise is still a threat vector.

Live demo: demo.keylessh.com Source: github.com/sashyo/keylessh

AMA about the protocol, the SDK, or the threat model.