- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Link to the paper: https://eprint.iacr.org/2023/1711.pdf
The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.
You must log in or register to comment.
At least it only affects RSA keys.
I’ve been working on changing all of mine to ED25519. I guess I should get the rest of them changed out now.