thewayne: (Default)
[personal profile] thewayne
This is starting out with a warning: this article is really, REALLY deep computer security stuff, DO NOT dig into it if you don't have a minimal understanding of network encryption, SSH, RSA, etcetera! YOU WILL BE LOST!

RSA is pretty much a deprecated encryption technique. While it was good in its day, it's somewhat broken and has been superseded by better methodologies, both because technology moves ever onward and because it's broken. Apparently it's mainly in use in old systems where companies haven't bothered to replace it: 'If it ain't broke, leave it alone', and just haven't budgeted the funds and time to get it done.

People who try to break computer security have found an interesting way to break RSA even worse. They monitor and sit and wait. The first thing that happens when establishing an SSH connection (and other secure types of connections) is a handshake - the computers send a few packets back and forth, exchange keys (encryption certificates), and get to know each other (proverbially). This handshake process is supposed to be encrypted and secured and not easily spied upon. Except sometimes it isn't.

Computers make mistakes. Sometimes the process that encrypts the handshake fails (it can be a memory bit failure), and this can reveal part of one of the private keys that provides the encryption to the handshake. These keys are generated by multiplying very large prime numbers. If you recover one of the keys, you can then recover the other key by dividing by great whomping big prime numbers. Once you break that, you have access to the certificates that created the secure connection and you can now sit in the middle and impersonate all traffic of either host.

This is what people in computer security call BAD.

OpenSSH applied fixes to try to prevent it, but some major vendors, including Cisco, roll their own code and had some pretty bad vulnerabilities to this problem. They might have fixed it, but when you're running closed-source software (where you've written your own code), rather than relying on open-source software where there are tons of eyes looking for problems and testing, it's often weaker than the open source version such as OpenSSH.

Interesting times.

No real solid information as to whether or not this has been exploited in the wild as it's really hard to detect interception attacks like this.

https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/
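
To make the "one bad bit gives away a prime" step concrete, here is an added example (not from the post, the linked article, or any SSH implementation) of the textbook RSA-CRT fault and the standard countermeasure of checking a signature before releasing it. It assumes a constructed toy key built from two Mersenne primes and a signed value the observer knows, which is simpler than a real SSH handshake; all function names are hypothetical.

```python
from math import gcd

# Constructed toy key from two Mersenne primes; real RSA primes are random and 1024+ bits.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
M = 0x1234567890ABCDEF  # constructed stand-in for the padded hash being signed


def sign_crt(m, flip_bit=None):
    """RSA-CRT signing. flip_bit simulates a one-bit memory fault in the mod-P half."""
    sp = pow(m, D % (P - 1), P)
    sq = pow(m, D % (Q - 1), Q)
    if flip_bit is not None:
        sp ^= 1 << flip_bit  # the "computer makes a mistake" moment
    h = (pow(Q, -1, P) * (sp - sq)) % P  # Garner recombination
    return (sq + Q * h) % N


def leaked_factor(m, s):
    """What a released signature gives away: N (nothing) if valid, a prime of N if faulty."""
    return gcd((pow(s, E, N) - m) % N, N)


def sign_checked(m, flip_bit=None):
    """Countermeasure: verify with the public key and never release a bad signature."""
    s = sign_crt(m, flip_bit)
    if pow(s, E, N) != m:
        raise RuntimeError("signature self-check failed; signature withheld")
    return s


if __name__ == "__main__":
    bad = sign_crt(M, flip_bit=3)
    q = leaked_factor(M, bad)
    print("faulty signature leaks a prime:", q == Q, "other prime by division:", N // q == P)
    print("valid signature leaks nothing:", leaked_factor(M, sign_crt(M)) == N)
    try:
        sign_checked(M, flip_bit=3)
    except RuntimeError as err:
        print("hardened signer:", err)
```

The self-check costs one public-key operation per signature, which is cheap next to the private-key operation it protects.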

Date: 2023-11-15 12:06 am (UTC)
disneydream06: (Disney Funny)
From: [personal profile] disneydream06
I left my shovel at home.
LOL!!!!!!!!!!!!!!!!
Hugs, Jon

Date: 2023-11-15 03:03 pm (UTC)
disneydream06: (Disney Funny)
From: [personal profile] disneydream06
LOL.............

Date: 2023-11-20 07:14 am (UTC)
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)
From: [personal profile] silveradept
Any attacker that engaged with such things is probably trying to sit on their successful compromise and try to remain as passive as possible, copying the data they're capturing in the middle and making sure that it still reaches the intended destination. As soon as they reveal what they've got, they're probably going to lose their information pipeline.
