[PLUG] Break in attempt?

Mike Connors mconnors1 at gmail.com
Sat Mar 3 10:49:20 UTC 2012


>
>
> > > *cough cough*
> > >
> > >
> >
> http://perimetergrid.com/wp/2008/05/17/ubuntudebian-crng-cracked-ssh-vulnerable/
> >
> > Missed that one.  Seems to be limited to Debian's RNG, and affects
> > only the key generation process, not the protocol itself.
> >
> >
> >
> quite correct. point being,  even SSH keys aren't perfect.


Huh, that's interesting. Although the bug that was created, ironically
enough by a erroneous bug fix, affects SSH Keys due to the entropy of the
seed being reduced to 15 bits the vulnerability is in the OpenSSL
libraries. Ouch!

One of the things I always find interesting about security vulnerabilities
is that no one ever talks about true risk. Just because there's a
vulnerability doesn't mean someone is going to come knocking on your door
to exploit it unless you have something of very high interest or value to a
potential cracker.

If I understand this correctly the "possible attempted break-in" messages
are mass script attacks attempting to exploit common usernames and keys
whereas with the RNG bug someone would have to intentionally and
specifically run an attack against the RNG to generate the correct key.
That is, I'm thinking this level of attack is not from a botnet script that
just throwing common usernames and passwords at every SSH open port on the
internet it can find.

You can also use a passphrase when generating your SHH pub/priv key pairs. An
SSH key passphrase is a secondary form of security that gives you a little
time when your keys are stolen.



More information about the PLUG mailing list