topic In a first, cryptographic keys protecting SSH connections stolen in new attack in Threats https://community.isc2.org/t5/Threats/In-a-first-cryptographic-keys-protecting-SSH-connections-stolen/m-p/64708#M978 <P>Hi All</P><P>&nbsp;</P><P>Be very careful what you wish for:&nbsp;</P><P>&nbsp;</P><P>It only took an error as small as a single flipped memory bit to expose a private key.</P><P>&nbsp;</P><P><A href="https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/" target="_blank" rel="noopener">https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><H2>&nbsp;</H2> Mon, 20 Nov 2023 03:39:41 GMT Caute_cautim 2023-11-20T03:39:41Z In a first, cryptographic keys protecting SSH connections stolen in new attack https://community.isc2.org/t5/Threats/In-a-first-cryptographic-keys-protecting-SSH-connections-stolen/m-p/64708#M978 <P>Hi All</P><P>&nbsp;</P><P>Be very careful what you wish for:&nbsp;</P><P>&nbsp;</P><P>It only took an error as small as a single flipped memory bit to expose a private key.</P><P>&nbsp;</P><P><A href="https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/" target="_blank" rel="noopener">https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><H2>&nbsp;</H2> Mon, 20 Nov 2023 03:39:41 GMT https://community.isc2.org/t5/Threats/In-a-first-cryptographic-keys-protecting-SSH-connections-stolen/m-p/64708#M978 Caute_cautim 2023-11-20T03:39:41Z Re: In a first, cryptographic keys protecting SSH connections stolen in new attack https://community.isc2.org/t5/Threats/In-a-first-cryptographic-keys-protecting-SSH-connections-stolen/m-p/64727#M979 <P>As they note in the report, it is a very small percentage of SSH transactions that may be subject to this. You'd also already need access to the target. I guess the scenario would be a shared hosting service that clients access via SSH. Still there would have to be some host security shortcomings (it would seem) in order for Client A to eavesdrop on Client B's SSH session and its errors.</P><P>&nbsp;</P><P>Still, the approach underscores that asymmetric cryptography is based upon the difficulty - not impossibility - of computing a private key from a public one, and we're beginning to see approaches that illustrate that such difficulty is not as high as once believed.&nbsp;</P> Mon, 20 Nov 2023 14:50:30 GMT https://community.isc2.org/t5/Threats/In-a-first-cryptographic-keys-protecting-SSH-connections-stolen/m-p/64727#M979 JoePete 2023-11-20T14:50:30Z