Nov. 15, 2023, 5:51 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

This is interesting:


For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established.


[…]


The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found …

academic papers compromise computational computer cryptographic cryptography data errors keys large protect researchers server signature signatures ssh traffic vulnerabilities vulnerability vulnerable

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

Information Security Engineers

@ D. E. Shaw Research | New York City

Security Engineer, Incident Response

@ Databricks | Remote - Netherlands

Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)

@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC

Data Security Architect

@ Accenture Federal Services | Washington, DC

Identity Security Administrator

@ SailPoint | Pune, India