"Researchers Extract RSA Keys from SSH Server Signing Errors"

A team of researchers demonstrated that under certain conditions, passive network attackers can recover secret RSA keys from naturally occurring errors resulting in failed SSH connection attempts. SSH is a cryptographic network protocol for secure communication used in remote system access, file transfers, and system administration tasks. RSA is a public-key cryptosystem used in SSH for user authentication, and it involves a private, secret key to decrypt communication encrypted with a public, shareable key. A paper published by the team shows that a passive network attacker can obtain a private RSA key from SSH servers that experience errors during signature computation. This article continues to discuss the research on extracting RSA keys from SSH server signing errors.

Bleeping Computer reports "Researchers Extract RSA Keys from SSH Server Signing Errors"

Submitted by grigby1

Submitted by grigby1 CPVI on