Displaying 2 results from an estimated 2 matches for "caml_crush".
2016 Jan 15
4
Proposal: always handle keys in separate process
...ponents load the SoftHSM middleware (access
the keys) in a dedicated process
- SSH client loads Caml-Crush PKCS#11 middleware that connects to
its daemon and allows signing the SSH exchange to authenticate
No patch needed.
Hope this helps,
Thomas
[1] https://archive.fosdem.org/2015/schedule/event/caml_crush/
[2] https://github.com/ANSSI-FR/caml-crush
On Fri, Jan 15, 2016 at 9:30 AM, Loganaden Velvindron
<loganaden at gmail.com> wrote:
> On Thu, Jan 14, 2016 at 7:12 PM, Alexander Wuerstlein <arw at cs.fau.de> wrote:
>> Hello,
>>
>> in light of the recent CVE-2016-0777...
2016 Jan 14
4
Proposal: always handle keys in separate process
Hello,
in light of the recent CVE-2016-0777, I came up with the following idea,
that would have lessened its impact. Feel free to ignore or flame me,
maybe it's stupid or I missed something :)
- private key material should only ever be handled in a separate process
from the SSH client. ssh-agent (maybe slightly extended) seems the
logical choice.
- in places where the client currently reads