As per this article, RSA key exchanges in some SSH implementations are subject to interception. It might be worth investigating if this can be audited.
Only the failure case (when the bug happens) can be actively detected with certainty, but this is subject to the bug actually happening while the audit is performed.
On the other hand, depending on the SSH implementation, one might try to test whether the system errors out if a calculation with this bug is being processed. However, this might not indicate whether the implementation errors out when sending such wrong communications itself …
Thanks for the heads up!
It seems like a test for this issue would be to simply validate the RSA
signatures we receive while running scans. If it fails, we report it
in the UI (actually computing the private key wouldn't be necessary).
Only 1-3 RSA validations would need to be done per connection, which
would not be expensive, CPU-wise.
The one requirement for implementation would be that it must be written
in native Python; one of the design goals of ssh-audit is to remain
library dependency-free. So we couldn't use a crypto library. Python
does have large-number support already, so we'd just need to do our own
PKCSv1.5 de-encapsulation and some modulus exponentiation, and maybe
that's it.
Though, as the paper itself states, finding this vulnerability would be
quite rare. And it's possibly not reproducible through subsequent
scans.
I'd happily accept a PR that observes the above requirement, but
personally, given how rare this issue is (as well as
implementation-specific), it's not a priority for me to chase down.
Thanks again for letting me know about this paper!
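Added example, not ssh-audit code and not written by anyone in this thread: a dependency-free sketch of the check discussed above, doing the modular exponentiation with Python integers and comparing the result against a rebuilt PKCS#1 v1.5 encoding. The function names, the `audit_signature` hook and the demo key are assumptions made for illustration; in SSH the signed message is the exchange hash.

```python
import hashlib

# DER DigestInfo prefixes (RFC 8017), keyed by SSH RSA signature algorithm name.
DIGEST_INFO = {
    "ssh-rsa": ("sha1", "3021300906052b0e03021a05000414"),
    "rsa-sha2-256": ("sha256", "3031300d060960864801650304020105000420"),
    "rsa-sha2-512": ("sha512", "3051300d060960864801650304020305000440"),
}

def emsa_pkcs1_v15(alg, message, k):
    """Expected k-byte encoding: 00 01 FF..FF 00 DigestInfo || hash(message)."""
    hash_name, prefix = DIGEST_INFO[alg]
    t = bytes.fromhex(prefix) + hashlib.new(hash_name, message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_verify(alg, n, e, message, signature):
    """True only if signature^e mod n equals the expected encoding exactly."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    # Compare against a rebuilt encoding instead of parsing the padding.
    return pow(s, e, n).to_bytes(k, "big") == emsa_pkcs1_v15(alg, message, k)

def audit_signature(alg, n, e, exchange_hash, signature):
    """Hypothetical scan hook: a finding string for the UI, or None if valid."""
    if alg not in DIGEST_INFO or rsa_verify(alg, n, e, exchange_hash, signature):
        return None
    return "host key produced an invalid RSA signature (%s)" % alg

# Constructed demo key from two Mersenne primes (not a secure key); Python 3.8+.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def demo_sign(alg, message):
    """Sign with the demo key, only to produce sample input for the check."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(alg, message, k), "big")
    return pow(m, D, N).to_bytes(k, "big")

if __name__ == "__main__":
    h = hashlib.sha256(b"constructed exchange hash input").digest()
    good = demo_sign("rsa-sha2-256", h)
    bad = good[:-1] + bytes([good[-1] ^ 1])  # simulate a miscomputed signature
    print(audit_signature("rsa-sha2-256", N, E, h, good))
    print(audit_signature("rsa-sha2-256", N, E, h, bad))
```

Rebuilding the expected encoding and comparing all `k` bytes avoids the padding-parsing mistakes that lenient PKCS#1 v1.5 verifiers have historically made.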