SSH keys stolen by stream of malicious PyPI and NPM packages

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
C Security Login file-sharing Cryptography

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • openssh-portable

    Portable OpenSSH

    • The key layout is described in https://github.com/openssh/openssh-portable/blob/master/PROT... and you can view it pretty easily via

    cat private_key_here | head -n -1 | tail -n +2 | base64 -d | xxd

    One I created in 2016 is using aes256-cbc with bcrypt for the kdf, which isn't awful at all.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts