Researchers have made a groundbreaking discovery, demonstrating that a significant portion of the cryptographic keys used in client-to-server SSH traffic are susceptible to complete compromise when naturally occurring computational errors happen during connection establishment. According to Ars Technica, the researchers were able to calculate the private portion of nearly 200 unique SSH keys observed in public Internet scans over the last seven years. It is also suspected that keys used in IPsec connections may face a similar fate. SSH is a cryptographic protocol used in secure shell connections for remote server access in security-sensitive enterprise environments, while IPsec is a protocol used by virtual private networks to route traffic through encrypted tunnels.
The vulnerability arises from errors during signature generation while a client and server are establishing a connection. It specifically affects keys using the RSA cryptographic algorithm, which accounted for approximately one-third of the SSH signatures examined: roughly 1 billion signatures out of the 3.2 billion examined. Of those approximately 1 billion RSA signatures, about one in a million exposed the private key of the host. Although the percentage is very small, the result is surprising for several reasons. Most notably, most SSH software has for decades deployed a countermeasure that checks for signature faults before a signature is sent over the Internet. Furthermore, researchers had previously believed that signature faults only exposed RSA keys used in the TLS protocol encrypting web and email connections, not SSH traffic, because passive attackers could not see the necessary information when the errors occurred.
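To make the countermeasure concrete, here is an added illustration (not code from the article or from the researchers' work) of RSA-CRT signing with the "verify before release" check. It uses a constructed toy key with tiny primes, simulates a computational error in one half of the CRT computation, and shows that the public-key check catches the fault; the final function shows, with the textbook gcd identity, why releasing an unchecked faulty signature gives away a prime factor of the modulus.

```python
from math import gcd

# Constructed toy key: two small primes and the usual public exponent.
# Real SSH host keys use 2048-bit or larger moduli; the arithmetic is identical.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)                  # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)    # CRT exponents
QINV = pow(Q, -1, P)                 # CRT coefficient

def rsa_crt_sign(m, fault_in_p=False):
    """RSA-CRT signature of message representative m (0 < m < N).
    fault_in_p simulates a hardware/software error in the mod-p half only."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p:
        sp = (sp + 1) % P            # any wrong value in this half is enough
    h = (QINV * (sp - sq)) % P       # Garner recombination
    return sq + Q * h

def rsa_verify(m, s):
    """Public-key check: a correct signature satisfies s^e = m (mod N)."""
    return pow(s, E, N) == m

def sign_checked(m, fault_in_p=False):
    """The countermeasure: sign, then verify with the public key before
    releasing the signature. Returns None if a fault was detected, so a
    faulty signature is never sent over the network."""
    s = rsa_crt_sign(m, fault_in_p)
    return s if rsa_verify(m, s) else None

def factor_from_faulty_signature(m, s):
    """Why the check matters: a signature that is correct mod q but wrong
    mod p satisfies gcd(s^e - m, N) = q, revealing the private key.
    Returns the recovered factor, or None if s is a valid signature."""
    if rsa_verify(m, s):
        return None
    return gcd((pow(s, E, N) - m) % N, N)
```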