Damien Miller (djm@)
The essence of the protection is that private keys, when not in use, are encrypted using a symmetric key, which is derived from a relatively large “prekey” consisting of random data (currently its size is 16 KB) .
From an implementation perspective, private keys are encrypted when loaded into memory and then automatically and transparently decrypted when used for signatures or when stored/serialized.
For a successful attack, attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the protected private key. However, the current generation of attacks has such a bit recovery error rate that the sum of these errors makes correct recovery of the preshared key unlikely.
Source: opennet.ru