this post was submitted on 25 Jun 2026
52 points (98.1% liked)
Linux
14292 readers
239 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Thanks to these attacks I think creds got to all move to physical security keys so there's nothing to (digitally) steal any more.This tool is a good idea for the short term.
Yes using TPM protected TSS2 keys would tie them to your actual machine since only that TPM can internally decrypt them and use them without then being accessible outside. The TPM could be a discrete chip or a software/virtual one.
For instance OpenSSL has an engine/provider for tpm2-tss however I think the software using the keys needs to be engine-aware.