Conversation

Notices

    Quad (quad@akko.quad.moe), Monday, 13-Nov-2023 22:08:07 JST:
    Reminder that you should switch to using ed25519 for your ssh keys, if you haven't already.

    ssh-keygen -t ed25519

    From my understanding this issue does not affect OpenSSH, mostly embedded crap. So no need for full panic. But still a good reminder to consider throwing your RSA-based SSH keys in the trash.

    src. https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/

    Link preview: In a first, cryptographic keys protecting SSH connections stolen in new attack. An error as small as a single flipped memory bit is all it takes to expose a private key.
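The link preview's headline refers to a corrupted RSA signature leaking the private key. The fault class behind it is a wrong half of a signature computed with the Chinese Remainder Theorem, and the standard defence in signing code is to verify every signature with the public key before releasing it, which is why a correctly written implementation is not exposed. The following is an added example, not code from the post or the linked article: a toy RSA-CRT signer over constructed primes, a simulated one-bit fault, and the verify-after-sign guard that withholds the corrupted signature. The names `make_key`, `sign_crt`, `guarded_sign` and the demo constants are this example's own, and the primes are far too small for real use.

```python
"""Verify-after-sign: the guard that keeps a single computation fault
during RSA signing from leaking the private key.

Added example, not code from the post or the article it links. The key is
built from two constructed small primes so it runs instantly; the "fault"
is simulated by flipping one bit in one CRT half of the signature."""
from math import gcd
from typing import NamedTuple, Optional


class RsaKey(NamedTuple):
    n: int
    e: int
    p: int
    q: int
    dp: int      # d mod (p-1)
    dq: int      # d mod (q-1)
    qinv: int    # q^-1 mod p


def make_key(p: int, q: int, e: int = 65537) -> RsaKey:
    """Derive CRT parameters from two primes (constructed demo key, not real)."""
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be invertible mod phi"
    d = pow(e, -1, phi)                      # modular inverse, Python 3.8+
    return RsaKey(p * q, e, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))


def sign_crt(key: RsaKey, m: int, fault: Optional[str] = None) -> int:
    """Textbook RSA-CRT signature of m. `fault` simulates a hardware or
    memory error: "p" or "q" corrupts one bit of that half-signature,
    the kind of single-bit glitch the article's headline refers to."""
    sp = pow(m, key.dp, key.p)
    sq = pow(m, key.dq, key.q)
    if fault == "p":
        sp ^= 1
    elif fault == "q":
        sq ^= 1
    h = (key.qinv * (sp - sq)) % key.p       # Garner recombination
    return (sq + h * key.q) % key.n


def verify(key: RsaKey, m: int, s: int) -> bool:
    """Public-key check: s^e must equal m modulo n."""
    return pow(s, key.e, key.n) == m % key.n


def guarded_sign(key: RsaKey, m: int, fault: Optional[str] = None) -> Optional[int]:
    """Sign, then check the result with the public key before releasing it.
    Returns None instead of a signature when the self-check fails: a faulty
    signature that leaves the process is what an attacker needs, so refusing
    to emit it is the mitigation. Cost: one public-key operation per signature."""
    s = sign_crt(key, m, fault)
    return s if verify(key, m, s) else None


# Constructed demo key from two well-known small primes: not secure, never reuse.
DEMO_KEY = make_key(1299709, 15485863)
DEMO_MSG = 0x1234_5678          # stands in for a padded message hash


if __name__ == "__main__":
    print("fault-free signature released:", guarded_sign(DEMO_KEY, DEMO_MSG) is not None)
    for half in ("p", "q"):
        released = guarded_sign(DEMO_KEY, DEMO_MSG, fault=half)
        print(f"bit flip in CRT half {half}: released={released is not None}")
```

The two faulty runs show the guard doing its job: the corrupted signature still verifies modulo one prime but not the other, so the public-key check fails and nothing leaves `guarded_sign`. Skipping that check to save one public-key operation is the implementation mistake that turns a random bit error into a key compromise.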
    Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me), Monday, 13-Nov-2023 22:11:04 JST:
      @quad Reminds me of being annoyed years ago when OpwnWRT (fun typo :D) was stuck to RSA due to dropbear (which I'd never use).

    翠星石 (suiseiseki@freesoftwareextremist.com), Monday, 13-Nov-2023 22:18:16 JST:
      @quad There's no real reason to switch to ed25519 if you've already generated 2048+ bit RSA keys, but ed25519 is good for new keys, as they're a lot shorter.

      The issue seems to affect proprietary ssh clients that are poorly programmed and not the RSA scheme itself, so the solution turns out to be not running proprietary malware yet again.

      I'm reminded of a past case where a bunch of proprietary TLS libraries all used the same weak primes (numbers that seem prime, but aren't) for key derivation (rather than randomly generating a strong prime as required by the spec), meaning the NSA and other parties could just do a bunch of brute-forcing against those weak primes and use the results to attack sessions using those weak primes, but I guess this one is fairly different.

    翠星石 (suiseiseki@freesoftwareextremist.com), Monday, 13-Nov-2023 22:19:47 JST, in reply to Haelwenn /элвэн/ :triskell::
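Both the first post's advice to generate ed25519 keys and this reply's 2048-bit floor for RSA come down to knowing which keys are actually deployed. The following is an added example, not code from the thread: a Python auditor that decodes OpenSSH public key lines (authorized_keys or id_*.pub) offline and reports each key's type and, for RSA, its modulus size. The sample lines are constructed with placeholder moduli (not real keys), and `MIN_RSA_BITS`, the verdict strings and the function names are this example's own choices.

```python
"""Inventory of OpenSSH public keys by type and RSA modulus size.

Added example, not code from the thread. It decodes the base64 blob of
authorized_keys / id_*.pub lines offline (OpenSSH wire format: big-endian
length-prefixed strings, integers as mpints), so RSA keys under the
2048-bit floor mentioned in the thread are flagged and every RSA key is
listed as a migration candidate. Sample data below is constructed."""
import base64
import shlex
import struct
from typing import Iterable, List, NamedTuple, Optional, Tuple

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MIN_RSA_BITS = 2048          # this example's threshold, matching the reply above


class KeyInfo(NamedTuple):
    key_type: str
    bits: Optional[int]      # RSA modulus size; None for other key types
    comment: str
    verdict: str


def _read_string(blob: bytes, off: int) -> Tuple[bytes, int]:
    """One SSH 'string': 4-byte big-endian length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, off)
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[off:off + length], off + length


def _write_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def _write_mpint(value: int) -> bytes:
    """SSH mpint: minimal big-endian two's complement; a leading 0x00 byte
    keeps the number positive when its high bit is set."""
    if value == 0:
        return _write_string(b"")
    return _write_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def rsa_line(e: int, n: int, comment: str) -> str:
    """Build a constructed ssh-rsa public key line (sample data only)."""
    blob = _write_string(b"ssh-rsa") + _write_mpint(e) + _write_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def ed25519_line(pk: bytes, comment: str, options: str = "") -> str:
    """Build a constructed ssh-ed25519 line, optionally with authorized_keys options."""
    blob = _write_string(b"ssh-ed25519") + _write_string(pk)
    prefix = f"{options} " if options else ""
    return f"{prefix}ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_public_key_line(line: str) -> Optional[KeyInfo]:
    """KeyInfo for one key line, or None for blank, comment or malformed lines."""
    tokens = shlex.split(line, comments=True)    # copes with from="a,b" style options
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        return None
    key_type, b64 = tokens[idx], tokens[idx + 1]
    comment = " ".join(tokens[idx + 2:])
    bits = None
    try:
        blob = base64.b64decode(b64, validate=True)
        wire_type, off = _read_string(blob, 0)
        if wire_type != key_type.encode():
            return None                          # type field and blob disagree
        if key_type == "ssh-rsa":
            _e, off = _read_string(blob, off)    # public exponent, not needed here
            n_raw, _ = _read_string(blob, off)   # modulus as mpint
            bits = int.from_bytes(n_raw, "big").bit_length()
    except (ValueError, struct.error):
        return None
    if key_type == "ssh-rsa":
        verdict = ("weak: rotate now" if bits < MIN_RSA_BITS
                   else "acceptable; ed25519 preferred for new keys")
    elif key_type == "ssh-dss":
        verdict = "obsolete: rotate now"
    else:
        verdict = "ok"
    return KeyInfo(key_type, bits, comment, verdict)


def audit(lines: Iterable[str]) -> List[KeyInfo]:
    """Parse every line, silently skipping comments, blanks and junk."""
    return [info for info in map(parse_public_key_line, lines) if info]


# Constructed sample authorized_keys: the moduli are size placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy keys (constructed sample)",
    rsa_line(65537, (1 << 2047) | 1, "deploy@ci"),
    rsa_line(65537, (1 << 1023) | 1, "legacy@old-host"),
    ed25519_line(b"\x42" * 32, "laptop", options='from="10.0.0.0/8",no-pty'),
])

if __name__ == "__main__":
    for info in audit(SAMPLE_AUTHORIZED_KEYS.splitlines()):
        size = f"{info.bits}-bit" if info.bits else ""
        print(f"{info.key_type:14} {size:9} {info.comment:16} {info.verdict}")
```

To run it against a real host, feed it the lines of `~/.ssh/authorized_keys` or any `*.pub` file instead of the constructed sample; the parser reads the modulus from the blob itself rather than trusting the comment, so a mislabelled key still gets the right size.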
      @lanodan Dropbear does support ed25519 now, but there are indeed better ssh servers and also better router OSes that aren't proprietary.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.