Skip Navigation

In a first, cryptographic keys protecting SSH connections stolen in new attack

arstechnica.com In a first, cryptographic keys protecting SSH connections stolen in new attack

An error as small as a single flipped memory bit is all it takes to expose a private key.

In a first, cryptographic keys protecting SSH connections stolen in new attack

Link to the paper: https://eprint.iacr.org/2023/1711.pdf

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

1
1 comments