Novel SSH-based private RSA key extraction technique detailed

Vulnerable SSH servers could be compromised to secure private RSA host keys through a new passive attack method that involves the observation of computational faults during the signing process that exposes the private keys, The Hacker News reports. Utilizing the technique dubbed "lattice-based key recovery fault attack" enabled the retrieval of 189 unique RSA public keys linked to devices from Cisco, Zyxel, Mocana, and Hillstone Networks, a study from University of California, San Diego, and Massachusetts Institute of Technology researchers showed. However, such an attack method is being prevented from accessing signatures by TLS version 1.3, which encrypts the connection-establishing handshake. "These attacks provide a concrete illustration of the value of several design principles in cryptography: encrypting protocol handshakes as soon as a session key is negotiated to protect metadata, binding authentication to a session, and separating authentication from encryption keys," said researchers.