
Bug#1082728: openssh: Passive SSH Key Compromise via Lattices (RSA host keys)



Package: openssh
Version: 1:9.9p1-1
Severity: grave

The paper,

Passive SSH Key Compromise via Lattices
Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger
https://eprint.iacr.org/2023/1711.pdf

details an attack that allows a passive observer to potentially compromise RSA host keys. They also include details on internet-wide scans to measure the prevalence of vulnerable signatures in the wild.

I'm not aware if there is a CVE for this yet. The only other reference I have seen to it is this commit

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/e3f33c64ec168a48038309af0c237eda86d10c74

--
Matt Taggart
matt@lackof.org

