Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
First of all, RSA encryption does NOT equal RSA the company. We're talking about the company here.
Second, the Reuters article mentions only the Elliptic curve PRNG, NOT the Elliptic curve encryption. Basically, the backdoor that was inserted was really just making RSA co. use the Elliptic curve PRNG, which is known to be extremely weak: http://blog.0xbadc0de.be/archives/155
It was actually discovered in 2012: http://cyberwarzone.com/did-nsa-put-...ption-standard
We also discovered evidence of the implementation in the RSA BSAFE products of a non-standard TLS extension called “Extended Random.” This extension, co-written at the request of the National Security Agency, allows a client to request longer TLS random nonces from the server, a feature that, if enabled, would speed up the Dual EC attack by a factor of up to 65,000. In addition, the use of this extension allows for attacks on Dual EC instances configured with P-384 and P-521 elliptic curves, something that is not apparently possible in standard TLS. While the code implementing Extended Random was not compiled into our build of Share for C/C++, it was available (though deactivated) in the build of Share for Java that we analyzed. In the latter case, we were able to re-enable it and verify the functionality. Note that the attack times reported below do not take advantage of extended random.
In short they now have a means to decrypt RSA keys tens of thousands of times faster.
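To make the "weak PRNG" point above concrete, here is an added example (written for this thread, not code from RSA BSAFE or from the paper quoted) of the Dual EC DRBG step function over NIST P-256, with Q deliberately derived from P by a secret d. Whoever knows the matching trapdoor e (with P = e*Q) can turn one output of the generator into its next internal state and predict everything it emits afterwards. The standard's P is the P-256 base point; the standard's Q was published with no explanation of how it was chosen, and the example's plant_backdoor() is one way it could have been. The real generator drops the top 16 bits of each output, leaving an observer 2**16 candidates to test per output; TRUNC_BITS = 4 here is a demo-only choice so the search finishes quickly in pure Python. Everything else (curve constants, the step s = x(sP), r = x(sQ), the state recovery via e*R) follows the published design.

```python
import secrets

# NIST P-256 domain parameters, as standardised (P is the base point G).
p  = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a  = p - 3
b  = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n  = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
Gx = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
Gy = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
P  = (Gx, Gy)

# Demo choice: the real generator drops the top 16 bits of each output, giving
# an observer 2**16 candidates to test; dropping only 4 keeps this example fast.
TRUNC_BITS = 4
MASK = (1 << (256 - TRUNC_BITS)) - 1

def add(A, B):
    """Affine point addition on P-256; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    x1, y1 = A
    x2, y2 = B
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Scalar multiplication by double-and-add."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def dual_ec_step(s, Q):
    """One Dual EC round: s <- x(s*P); r <- x(s*Q); emit r with its top bits dropped."""
    s_next = mul(s, P)[0]
    r = mul(s_next, Q)[0]
    return s_next, r & MASK

def plant_backdoor():
    """Choose Q = d*P for a secret d. Then P = e*Q with e = d^-1 mod n,
    and e is the trapdoor that turns an output into the next state."""
    d = secrets.randbelow(n - 1) + 1
    return mul(d, P), pow(d, -1, n)

def lift_x(x):
    """Point with the given x-coordinate, or None if x is not on the curve.
    p = 3 (mod 4), so rhs^((p+1)/4) is a square root whenever one exists."""
    rhs = (x * x * x + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)
    return (x, y) if y * y % p == rhs else None

def recover_state(out1, out2, Q, e):
    """Attacker side: from one truncated output (the next one is used only to
    confirm the guess) recover the state that produced out2."""
    for hi in range(1 << TRUNC_BITS):
        x = (hi << (256 - TRUNC_BITS)) | out1   # guess the dropped bits
        if x >= p:
            continue
        R = lift_x(x)                 # R = +-(s*Q); the sign does not matter
        if R is None:
            continue
        s_guess = mul(e, R)[0]        # e*(s*Q) = s*(e*Q) = s*P, i.e. the next state
        if mul(s_guess, Q)[0] & MASK == out2:
            return s_guess
    return None

def demo():
    """Honest user seeds the generator; the trapdoor holder predicts its 3rd output."""
    Q, e = plant_backdoor()
    s = secrets.randbelow(n - 1) + 1  # seed, never seen by the attacker
    s, out1 = dual_ec_step(s, Q)
    s, out2 = dual_ec_step(s, Q)
    s, out3 = dual_ec_step(s, Q)
    state = recover_state(out1, out2, Q, e)
    _, predicted3 = dual_ec_step(state, Q)
    return predicted3 == out3

if __name__ == "__main__":
    print("third output predicted from the first:", demo())
```

The point of the exercise: nothing in the output stream looks wrong, and without e the only way to link an output back to the state is solving a discrete logarithm on P-256. With e it is a handful of point multiplications per candidate, and every extra bit of raw output the attacker gets to see (which is what a longer nonce buys) removes one bit from that candidate search.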
Unless I read things wrong I think that's a too sensationalist summary of things. First of all you need a "product" that includes the Dual Elliptic Curve Deterministic Random Bit Generator (some versions of Windows IIRC) and then the Extended Random protocol would have been a proposed addition to that.
Quote:
Originally Posted by lleb
What to replace RSA with for ssh keys and more?
First of all there's a difference between RSA Inc the company (BSAFE SW, HW token) and RSA as in the algorithm. Secondly as you moved from OpenSSH-1 to OpenSSH-2 you should already have moved from RSA to DSA keys (http://www.snailbook.com/faq/ssh-1-vs-2.auto.html) and only use RSA when talking to systems that can't do DSA.
Quote:
Unless I read things wrong I think that's a too sensationalist summary of things. First of all you need a "product" that includes the Dual Elliptic Curve Deterministic Random Bit Generator (some versions of Windows IIRC) and then the Extended Random protocol would have been a proposed addition to that.
good to know here.
Quote:
First of all there's a difference between RSA Inc the company (BSAFE SW, HW token) and RSA as in the algorithm. Secondly as you moved from OpenSSH-1 to OpenSSH-2 you should already have moved from RSA to DSA keys (http://www.snailbook.com/faq/ssh-1-vs-2.auto.html) and only use RSA when talking to systems that can't do DSA.
I thought DSA keys were considerably easier to crack than RSA? Thankfully I am running OpenSSH-2 on all of my systems.
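Whatever key type one settles on, the practical first step for the question above is to know what is actually installed. The following is an added example for this thread (not OpenSSH's own code): it parses authorized_keys lines, decodes the SSH wire-format blob, and reports the embedded key type and size, flagging ssh-dss (fixed at 1024 bits, and disabled by default since OpenSSH 7.0), short RSA moduli, and lines whose type field does not match the blob. The sample lines are constructed placeholders with made-up numbers, not real keys.

```python
import base64
import struct

def _string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _mpint(x):
    """SSH wire 'mpint' for a non-negative integer (leading 0x00 if the high bit is set)."""
    return _string(x.to_bytes((x.bit_length() + 8) // 8, "big"))

def _read_string(blob, off):
    (ln,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + ln], off + 4 + ln

def key_info(line):
    """Return (type field, type embedded in the blob, key size in bits) for one
    authorized_keys line. Options before the type are skipped; options that
    contain spaces inside quotes are not handled."""
    fields = line.split()
    for i, f in enumerate(fields):
        if f.startswith(("ssh-", "ecdsa-")):
            declared, b64 = f, fields[i + 1]
            break
    else:
        raise ValueError("no key type field in line")
    blob = base64.b64decode(b64)
    embedded, off = _read_string(blob, 0)
    embedded = embedded.decode()
    if embedded == "ssh-rsa":
        _, off = _read_string(blob, off)          # public exponent e
        modulus, _ = _read_string(blob, off)      # modulus n
        bits = int.from_bytes(modulus, "big").bit_length()
    elif embedded == "ssh-dss":
        prime, _ = _read_string(blob, off)        # p; q, g, y follow
        bits = int.from_bytes(prime, "big").bit_length()
    elif embedded.startswith("ecdsa-sha2-"):
        curve, _ = _read_string(blob, off)        # e.g. b"nistp256"
        bits = int(curve.decode().rsplit("p", 1)[1])
    elif embedded == "ssh-ed25519":
        point, _ = _read_string(blob, off)        # 32-byte public key
        bits = len(point) * 8
    else:
        bits = None
    return declared, embedded, bits

def audit(lines):
    """Classify each line; returns (embedded type, bits, verdict) per line."""
    report = []
    for line in lines:
        declared, embedded, bits = key_info(line)
        if declared != embedded:
            verdict = "type field does not match the key blob"
        elif embedded == "ssh-dss":
            verdict = "weak: ssh-dss is 1024-bit only and disabled by default since OpenSSH 7.0"
        elif embedded == "ssh-rsa" and bits < 2048:
            verdict = "weak: RSA modulus below 2048 bits"
        else:
            verdict = "ok"
        report.append((embedded, bits, verdict))
    return report

# Constructed sample lines: the numbers are placeholders, not real keys.
_rsa_blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 2047) | 1)
_dsa_blob = _string(b"ssh-dss") + _mpint((1 << 1023) | 1) + _mpint(1) + _mpint(2) + _mpint(3)
_ed_blob = _string(b"ssh-ed25519") + _string(bytes(32))
SAMPLE_AUTHORIZED_KEYS = [
    "ssh-rsa " + base64.b64encode(_rsa_blob).decode() + " user@host (constructed)",
    "ssh-dss " + base64.b64encode(_dsa_blob).decode() + " old@host (constructed)",
    'command="/bin/true" ssh-ed25519 ' + base64.b64encode(_ed_blob).decode() + " deploy (constructed)",
    "ssh-rsa " + base64.b64encode(_ed_blob).decode() + " mislabelled (constructed)",
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_AUTHORIZED_KEYS):
        print(entry)
```

Run it against a real ~/.ssh/authorized_keys by reading the file into a list of lines; the size is taken from the blob rather than from the comment, so a key relabelled in its comment or type field still gets reported for what it is.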