On 7/4/24 8:57 AM, Jan Schermer wrote:
> Hi,
> What I was trying to do (apart from toying with stuff) was to get a reliable, single, portable/importable credential that would be universally available whenever I need it but in normal operation would be either stored in or wrapped by Secure Enclave (this means EC keys), instead of provisioning 5 resident FIDO keys, one Secretive SE-wrapper key and a backup key. (I know, I could use certificates, and maybe I will!).
My first thought was that this might be vulnerable to attack to get access to the keys with the public M1/M2 exploit against the Secure Enclave due to the cache bug. If this was fixed in the M4, maybe you could limit its use to newer Apple silicon.
Lucas Holt
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev