Proposal: always handle keys in separate process

Thomas Calderon calderon.thomas at gmail.com
Fri Jan 15 21:22:54 AEDT 2016


How about using the existing OpenSSH client's PKCS#11 support to
isolate keying material in a dedicated process?

A similar approach, "Practical key privilege separation using Caml
Crush", was discussed at FOSDEM'15 with a focus on
Heatbleed [1][2] but the ideas and principles are the same.

Now this is easily done using the following available components:
  - SoftHSM to store the crypto keys
  - Caml-Crush server components load the SoftHSM middleware (access
the keys) in a dedicated process
  - SSH client loads Caml-Crush PKCS#11 middleware that connects to
its daemon and allows to sign SSH exchange to authenticate

No patch needed.

Hope this helps,

Thomas

[1] https://archive.fosdem.org/2015/schedule/event/caml_crush/
[2] https://github.com/ANSSI-FR/caml-crush


On Fri, Jan 15, 2016 at 9:30 AM, Loganaden Velvindron
<loganaden at gmail.com> wrote:
> On Thu, Jan 14, 2016 at 7:12 PM, Alexander Wuerstlein <arw at cs.fau.de> wrote:
>> Hello,
>>
>> in light of the recent CVE-2016-0777, I came up with the following idea,
>> that would have lessened its impact. Feel free to ignore or flame me,
>> maybe its stupid or I missed something :)
>>
>
> Feel free to come up with a patch. In OpenSSH, it's a good idea to
> follow-up with a patch :)
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list