Hi All
Be very careful what you wish for:
It only took an error as small as a single flipped memory bit to expose a private key.
Regards
Caute_Cautim
As they note in the report, it is a very small percentage of SSH transactions that may be subject to this. You'd also already need access to the target. I guess the scenario would be a shared hosting service that clients access via SSH. Still, there would have to be some host security shortcomings (it would seem) in order for Client A to eavesdrop on Client B's SSH session and its errors.
Still, the approach underscores that asymmetric cryptography is based upon the difficulty - not impossibility - of computing a private key from a public one, and we're beginning to see approaches that illustrate that such difficulty is not as high as once believed.