[PLUG] Break in attempt?
wes
plug at the-wes.com
Sat Mar 3 06:19:18 UTC 2012
On Fri, Mar 2, 2012 at 10:10 PM, Jim Garrison <jhg at jhmg.net> wrote:
> On 3/2/2012 7:48 PM, wes wrote:
> >
> >
> > I've never heard of a single breakin occurring with private-key auth
> > that was due to true SSH protocol or encryption weakness. Failures
> > in the human side of the process, however, have been known to happen.
> >
> >
> > *cough cough*
> >
> >
> http://perimetergrid.com/wp/2008/05/17/ubuntudebian-crng-cracked-ssh-vulnerable/
>
> Missed that one. Seems to be limited to Debian's RNG, and affects
> only the key generation process, not the protocol itself.
>
>
>
quite correct. point being, even SSH keys aren't perfect.
-wes
More information about the PLUG
mailing list