On Tue, Sep 24, 2024 at 08:55:29PM -0700, Matt Taggart wrote:
> Passive SSH Key Compromise via Lattices
> Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger
> https://eprint.iacr.org/2023/1711.pdf
>
> details an attack that allows a passive observer to potentially compromise
> RSA host keys. They also include details on internet-wide scans to measure
> the prevalence of vulnerable signatures in the wild.

This paper has been public since November 2023, and it also says in
section 5 that OpenSSH implements countermeasures against it. Is there
something new that's come to light more recently? (I haven't yet had
time to read the paper in depth.)

-- 
Colin Watson (he/him) [cjwat...@debian.org]