GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Quad (quad@akko.quad.moe)'s status on Monday, 13-Nov-2023 22:08:07 JST Quad Quad
    Reminder that you should switch to using ed25519 for your ssh keys, if you haven't already.

    ssh-keygen -t ed25519

    From my understanding this issue does not affect OpenSSH, mostly embedded crap. So no need for full panic. But still a good reminder to consider throwing your RSA-based SSH keys in the trash

    src. https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/
    In conversation about a year ago from akko.quad.moe permalink

    Attachments


    1. https://akko.quad.moe/media/6421399c9f2cdf1e6c612737d3484685fd14a69a79103ce3c6c9de548fe2d9f5.png

    2. https://akko.quad.moe/media/c56075ea203d2a118689c82eae15f4763087e11c02c7fd0c96a3eb023db82b9a.png
    3. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
      In a first, cryptographic keys protecting SSH connections stolen in new attack
      An error as small as a single flipped memory bit is all it takes to expose a private key.
    • narcolepsy and alcoholism :flag: likes this.
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 13-Nov-2023 22:11:04 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      @quad Reminds me of being annoyed years ago when OpwnWRT (fun typo :D) was stuck to RSA due to dropbear (which I'd never use).
      In conversation about a year ago permalink
    • Embed this notice
      翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 13-Nov-2023 22:18:16 JST 翠星石 翠星石
      in reply to
      @quad There's no real reason to switch to ed25519 if you've already generated 2048+ bit RSA keys, but ed25519 are good for new keys, as they're a lot shorter.

      The issue seems to affect proprietary ssh clients that are poorly programmed and not the RSA scheme itself, so the solution turns out to be not running proprietary malware yet again.

      I'm reminded of a past case where a bunch of proprietary TLS libraries all used the same weak primes (numbers that seem prime, but aren't) for key derivation (rather than randomly generating a strong prime as required by the spec), meaning the NSA and other parties could just do a bunch of brute-forcing against those weak primes and use the results to attack sessions using those weak primes, but I guess this one is fairly different.
      In conversation about a year ago permalink
    • Embed this notice
      翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 13-Nov-2023 22:19:47 JST 翠星石 翠星石
      in reply to
      • Haelwenn /элвэн/ :triskell:
      @lanodan Dropbear does support ed25519 now, but there are indeed better ssh servers and also better router OS's that aren't proprietary.
      In conversation about a year ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.