An error as small as a single flipped memory bit is all it takes to expose a private key.

Link to the paper: https://eprint.iacr.org/2023/1711.pdf

The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host.

  • cmnybo@discuss.tchncs.deEnglish
    4·
    7 months ago

    At least it only affects RSA keys.

    I’ve been working on changing all of mine to ED25519. I guess I should get the rest of them changed out now.