OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed


The OpenSSH project is getting protection against side-channel attacks that are known to leak data from a computer’s memory, and allow malicious threat actors to steal sensitive information.

The protections were added to the OpenSSH code yesterday, June 20, by Damien Miller, a Google security researcher, and one of the top OpenSSH and OpenBSD developers.

OpenSSH to encrypt private keys in RAM

According to Miller, OpenSSH will encrypt SSH (Secure SHell) private keys while they are at rest inside a computer’s RAM. SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password.

If an attacker manages to extract data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.

Per Miller, this protection will be able to stop side-channel attacks like Spectre, Meltdown, Rowhammer, and Rambleed, dead in their tracks.

These attacks have come to light in recent years. They are the work of academic research, which found hardware design faults in CPUs and RAM components. These faults can be exploited to leak data being processed inside the CPU or RAM.

Encryption enough to stop some attacks

According to Miller’s code commit, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”

“Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely,” he added.

“Implementation-wise, keys are encrypted ‘shielded’ when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised,” Miller said.
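The shielding idea quoted above can be sketched in a few lines. This is an added example, not OpenSSH's code: the function names are hypothetical, SHA-512 and a SHAKE-256 keystream are stand-ins chosen for this sketch, and the bit error rates are constructed values used only to show how errors accumulate over a 16KB prekey.

```python
import hashlib
import secrets

PREKEY_LEN = 16 * 1024  # 16KB prekey, the size quoted from the commit message


def _keystream(prekey: bytes, n: int) -> bytes:
    # Derive a symmetric key from the WHOLE prekey, then expand it.
    # SHA-512 and SHAKE-256 are stand-ins chosen for this sketch.
    key = hashlib.sha512(prekey).digest()
    return hashlib.shake_256(key).digest(n)


def shield(private_key: bytes) -> tuple[bytes, bytes]:
    """Return (prekey, shielded_blob); a fresh random prekey per call."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    ks = _keystream(prekey, len(private_key))
    return prekey, bytes(a ^ b for a, b in zip(private_key, ks))


def unshield(prekey: bytes, blob: bytes) -> bytes:
    """Recover the key; only correct if every prekey bit is correct."""
    ks = _keystream(prekey, len(blob))
    return bytes(a ^ b for a, b in zip(blob, ks))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit read error in leaked memory."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def full_recovery_probability(bit_error_rate: float) -> float:
    """Chance that all prekey bits are read correctly at a given error rate."""
    return (1.0 - bit_error_rate) ** (PREKEY_LEN * 8)


if __name__ == "__main__":
    secret = b"CONSTRUCTED SAMPLE KEY MATERIAL, NOT A REAL KEY"
    prekey, blob = shield(secret)
    damaged = flip_bit(prekey, 12345)
    print("exact prekey unshields:", unshield(prekey, blob) == secret)
    print("one wrong bit unshields:", unshield(damaged, blob) == secret)
    for ber in (1e-6, 1e-4, 1e-3):  # constructed error rates
        p = full_recovery_probability(ber)
        print(f"bit error rate {ber:g}: P(full prekey) = {p:.3g}")
```

Because the symmetric key is a hash of all 131,072 prekey bits, one misread bit anywhere produces an unrelated key, so the attacker's success probability is the per-bit accuracy raised to that power.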

The OpenSSH dev hopes they’ll be able to remove this special protection against side-channel attacks “in a few years time when computer architecture has become less unsafe.”

OpenSSH is the default SSH client in most operating systems, from OpenBSD (for which it was initially developed) to Windows 10 (the latest OS to support it).
