"In a first, cryptographic keys protecting SSH connections stolen in new attack" (arstechnica.com)
from indepndnt@lemmy.world to cybersecurity@infosec.pub on 14 Nov 2023 15:39 +0000

I read most of this article trying to determine if I was impacted, so to save you the trouble:

The researchers traced the keys they compromised to devices that used custom, closed-source SSH implementations that didn’t implement the countermeasures found in OpenSSH and other widely used open source code libraries.


ghostface@lemmy.world on 14 Nov 2023 16:16 +0000 next

You da real mvp

BestBouclettes@jlai.lu on 14 Nov 2023 16:48 +0000 next

I migrated most of my keys to ed25519 a while ago, I probably should keep going

pudcollar@lemmy.ml on 14 Nov 2023 16:55 +0000

tldr 1 in a million RSA keys are vulnerable