Bug#1082728: openssh: Passive SSH Key Compromise via Lattices (RSA host keys)

[Colin Watson <cjwatson@debian.org>]

On Tue, Sep 24, 2024 at 08:55:29PM -0700, Matt Taggart wrote:
> Passive SSH Key Compromise via Lattices
> Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger
> https://eprint.iacr.org/2023/1711.pdf
> 
> details an attack that allows a passive observer to potentially compromise
> RSA host keys. They also include details on internet-wide scans to measure
> the prevalence of vulnerable signatures in the wild.

This paper has been public since November 2023, and it also says in
section 5 that OpenSSH implements countermeasures against it.  Is there
something new that's come to light more recently?

(I haven't yet had time to read the paper in depth.)

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]