13
In a first, cryptographic keys protecting SSH connections stolen in new attack (arstechnica.com)
submitted 7 months ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments

Link to the paper: https://eprint.iacr.org/2023/1711.pdf

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

top 1 comments
sorted by: hot top controversial new old
[-] [email protected] 3 points 7 months ago

At least it only affects RSA keys.

I've been working on changing all of mine to ED25519. I guess I should get the rest of them changed out now.

this post was submitted on 15 Dec 2023
13 points (100.0% liked)

netsec

1144 readers
1 users here now

Technical news and discussion of information security.

Rules:

  1. Be excellent to each other
  2. Keep it on topic
  3. Absolutely no PII or doxing
  4. No disclosure posts

founded 1 year ago
MODERATORS
[email protected]