Skip Navigation

In a first, cryptographic keys protecting SSH connections stolen in new attack

arstechnica.com In a first, cryptographic keys protecting SSH connections stolen in new attack

An error as small as a single flipped memory bit is all it takes to expose a private key.

In a first, cryptographic keys protecting SSH connections stolen in new attack
1
1 comments
  • This is the best summary I could come up with:


    Underscoring the importance of their discovery, the researchers used their findings to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans taken over the past seven years.

    SSH is the cryptographic protocol used in secure shell connections that allows computers to remotely access servers, usually in security-sensitive enterprise environments.

    The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

    Another reason for the surprise is that until now, researchers believed that signature faults exposed only RSA keys used in the TLS—or Transport Layer Security—protocol encrypting Web and email connections.

    The researchers noted that since the 2018 release of TLS version 1.3, the protocol has encrypted handshake messages occurring while a web or email session is being negotiated.

    The new findings are laid out in a paper published earlier this month titled "Passive SSH Key Compromise via Lattices."


    The original article contains 596 words, the summary contains 157 words. Saved 74%. I'm a bot and I'm open source!