[PLUG] Break in attempt?

wes plug at the-wes.com
Sat Mar 3 06:19:18 UTC 2012


On Fri, Mar 2, 2012 at 10:10 PM, Jim Garrison <jhg at jhmg.net> wrote:

> On 3/2/2012 7:48 PM, wes wrote:
> >
> >
> >     I've never heard of a single breakin occurring with private-key auth
> >     that was due to true SSH protocol or encryption weakness.  Failures
> >     in the human side of the process, however, have been known to happen.
> >
> >
> > *cough cough*
> >
> >
> http://perimetergrid.com/wp/2008/05/17/ubuntudebian-crng-cracked-ssh-vulnerable/
>
> Missed that one.  Seems to be limited to Debian's RNG, and affects
> only the key generation process, not the protocol itself.
>
>
>
quite correct. point being,  even SSH keys aren't perfect.

-wes



More information about the PLUG mailing list