security

Cryptographic keys protecting SSH connections stolen in new attack – TechRadar


Hackers can eavesdrop on some endpoints’ SSH connections and use the information flowing there to deduce the hosts’ private RSA keys, which can then be used to impersonate the device – a textbook example of a man-in-the-middle attack – but not steal login credentials. 

These are the findings published in “Passive SSH Key Compromise via Lattices”, a new research paper published by Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger of the University of California, San Diego. For the uninitiated, Secure Shell (SSH) connections are remote encrypted connections established between the user’s endpoint and a server. 



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.