• lemmyvore
    link
    fedilink
    English
    811 year ago

    Only affects RSA keys, and then only 1 in a million keys are vulnerable. So this is mostly of academic (rather than practical) interest, but nevertheless it will lead to further hardening of the SSH protocol which is nice.

    • @PlasticExistence
      link
      English
      251 year ago

      It also appears to only affect non-OpenSSH secure shell implementations.

    • @deafboy
      link
      English
      11 year ago

      Security of a sufficiently long RSA key was the one true constant in my life. Poof… There it goes!

      Once attackers have possession of the secret key through passive observation of traffic, they can mount an active Mallory-in-the-middle

      Mallory in the middle would be a sick punkrock band name though.

  • AutoTL;DRB
    link
    fedilink
    English
    161 year ago

    This is the best summary I could come up with:


    Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years.

    SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments.

    The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

    Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS—or Transport Layer Security—protocol encrypting Web and email connections.

    The researchers noted that since the 2018 release of TLS version 1.3, the protocol has encrypted handshake messages occurring while a web or email session is being negotiated.

    The new findings are laid out in a paper published earlier this month titled “Passive SSH Key Compromise via Lattices.”


    The original article contains 596 words, the summary contains 157 words. Saved 74%. I’m a bot and I’m open source!