Summary
This technical report presents findings on the vulnerability of RSA host keys in the SSH protocol to passive network attacks. The authors demonstrate that a passive network attacker can exploit faults during signature computation to recover private RSA keys. This is achieved through a lattice attack, which was previously thought to be impossible due to the inclusion of shared secrets in the signature process. The report details the methodology used to conduct internet-wide scans for vulnerable SSH and IPsec implementations, revealing a significant number of compromised keys. The authors analyze the feasibility of the attack, providing evidence of its effectiveness through extensive data collection and analysis. They also discuss the implications of their findings for the security of SSH and IPsec protocols, highlighting the need for improved defenses against such vulnerabilities. The report concludes with recommendations for addressing these security issues and ensuring the integrity of cryptographic implementations.
