OpenSSH is run by the OpenBSD project which is headed by Theo de Raadt. SSH or Secure Shell is a program used to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. OpenSSH is a free implementation of the program.
Miller told iTWire in response to a query that the mitigation tried to make speculation and other leakage attacks unlikely to succeed. "The attacks all depend on having the data that they want to steal be available somewhere in RAM and exploit CPU or architectural weaknesses to get at some or all of it," he explained.
Spectre and Meltdown were disclosed in January 2018 and affect Intel processors made since 1995. Meltdown removes the barrier between user applications and sensitive parts of the operating system. Spectre, which is also reportedly found in some AMD and ARM processors, can trick vulnerable applications into leaking the contents of their memory.
According to Wikipedia, Rowhammer "is an unintended and undesirable side effect in dynamic random-access memory in which memory cells leak their charges and interact electrically between themselves, possibly leaking or changing the contents of nearby memory rows that were not addressed in the original memory access.
Rambleed takes advantage of the same flaw that is used for Rowhammer attacks, allowing an attacker to read the contents of protected memory, rather than modifying it.
Miller, who has been with the OpenSSH project since 1999 when it was started, said: "The attacks however are not perfect - they have a certain error rate when trying to steal copies of memory, and we expect that this error rate, coupled with the need for them to exactly recover the entire scattered key, will make the attacks impractical. If we're off in our math, then we still have a few improvements to make."
OpenSSH is the most widely used implementation of the secure shell protocol.