OpenSSH to Keep Private Keys Encrypted at Rest in RAM


A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.

OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

The modification comes from Damien Miller, OpenBSD developer and security researcher at Google. The protection provided by his change consists of applying symmetric encryption to the OpenSSH private keys stored in RAM, so that a key is only decrypted for the moment it is actually used.
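The shield/unshield idea behind the change, as an added sketch that is not the OpenSSH code: the private key sits in memory encrypted under a key derived from a large random prekey and is decrypted only when needed. The prekey size, the SHA-512 derivation and the HMAC-based counter-mode keystream are assumptions of this sketch (a real implementation would use a block cipher); the property it demonstrates is that a memory reader with even one wrong bit of the prekey recovers nothing.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# A large random prekey is the point of the design: an attacker reading memory
# through a noisy side channel must recover every bit of it. 16 KiB is an assumption.
PREKEY_BYTES = 16 * 1024

def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA512 in counter mode, a stdlib stand-in for a real AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha512).digest()
        counter += 1
    return bytes(out[:length])

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ShieldedKey:
    """Holds a private key encrypted under a key derived from a fresh prekey."""

    def __init__(self, private_key: bytes) -> None:
        self.prekey = secrets.token_bytes(PREKEY_BYTES)
        enc_key = hashlib.sha512(self.prekey).digest()
        self.ciphertext = _xor(private_key, _keystream(enc_key, len(private_key)))
        # Integrity tag so a corrupted unshield is detected rather than used.
        self.tag = hmac.new(enc_key, self.ciphertext, hashlib.sha256).digest()

    def unshield(self, prekey: Optional[bytes] = None) -> bytes:
        """Decrypt for immediate use; `prekey` lets the demo try an imperfect copy."""
        enc_key = hashlib.sha512(self.prekey if prekey is None else prekey).digest()
        expected = hmac.new(enc_key, self.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(self.tag, expected):
            raise ValueError("prekey does not match: shielded key unrecoverable")
        return _xor(self.ciphertext, _keystream(enc_key, len(self.ciphertext)))

def single_bit_error_breaks_recovery(shielded: ShieldedKey) -> bool:
    """Flip one bit in a copy of the prekey and confirm nothing comes back."""
    damaged = bytearray(shielded.prekey)
    damaged[PREKEY_BYTES // 2] ^= 0x01
    try:
        shielded.unshield(bytes(damaged))
    except ValueError:
        return True
    return False
```

Python cannot reliably zero the decrypted bytes after use; the C implementation wipes the plaintext as soon as the signing operation completes, which is the other half of keeping the key encrypted at rest.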
