Investigate OpenBSD SSH protections against side-channel attacks #88
Essentially what they do is store a 16 KiB "prekey" and use it to derive the actual key when it is needed. The rationale is that the prekey has to be recovered with high accuracy by the attacker, and current-generation side-channel attacks are slow and have error rates that make this unlikely.
In order to implement something like this ourselves, I was thinking something along the lines of:
The current scheme changes the value very rapidly and so exfiltrating both partitions fast enough to recover the key may be difficult. We also minimise the time the unlocked key spends existing.
I may revisit this in the future but for now our current scheme seems sufficient.
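A sketch of the prekey scheme described at the top of this issue, added here as an example; it is not code from OpenSSH or from this project. The hash (SHA-512), the cipher (AES-256-CTR) and the names `Shield`, `Unshield` and `keystream` are assumptions of the sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

const prekeySize = 16 * 1024 // 16 KiB prekey, the size quoted in the issue
// Shielded is a secret at rest: only the prekey and ciphertext stay resident.
type Shielded struct{ prekey, ciphertext []byte }

// keystream hashes the entire prekey, so one wrong bit yields an unrelated key.
// Assumption: SHA-512 output split into an AES-256 key and a CTR IV.
func keystream(prekey []byte) cipher.Stream {
	sum := sha512.Sum512(prekey)
	block, err := aes.NewCipher(sum[:32])
	if err != nil {
		panic(err) // unreachable: the key is always 32 bytes
	}
	return cipher.NewCTR(block, sum[32:48])
}

// Shield encrypts secret under a fresh random prekey and zeroes the input.
func Shield(secret []byte) (*Shielded, error) {
	s := &Shielded{make([]byte, prekeySize), make([]byte, len(secret))}
	if _, err := rand.Read(s.prekey); err != nil {
		return nil, err
	}
	keystream(s.prekey).XORKeyStream(s.ciphertext, secret)
	for i := range secret {
		secret[i] = 0
	}
	return s, nil
}

// Unshield re-derives the key and returns a short-lived plaintext copy.
func (s *Shielded) Unshield() []byte {
	out := make([]byte, len(s.ciphertext))
	keystream(s.prekey).XORKeyStream(out, s.ciphertext)
	return out
}

func main() {
	if s, err := Shield([]byte("constructed sample key")); err == nil {
		fmt.Printf("%s\n", s.Unshield())
	}
}
```

Flipping a single bit anywhere in the 16 KiB prekey changes the derived key completely, which is why a slow, error-prone memory read is unlikely to recover the secret.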