Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vulnerabilities in RSA to watch for #225

Open
perkelix opened this issue Nov 13, 2023 · 2 comments
Open

vulnerabilities in RSA to watch for #225

perkelix opened this issue Nov 13, 2023 · 2 comments

Comments

@perkelix
Copy link

As per this article, RSA key exchanges in some SSH implementations are subject to interception. It might be worth investigating if this can be audited.

@BenBE
Copy link

BenBE commented Nov 13, 2023

Only the failure case (when the bug happens) can be actively detected with certainty, but this is subject to the bug actually happening while the audit is performed.

On the other hand, depending on the SSH implementation one might try to test whether the system errors out if a calculation with this bug is being processed. Although this might however not indicate whether the implementation errors out when sending such wrong communications itself …

@jtesta
Copy link
Owner

jtesta commented Nov 13, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants