what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

Files from Nadia Heninger

First Active2015-10-15
Last Active2023-11-13
Passive SSH Key Compromise Via Lattices
Posted Nov 13, 2023
Authored by Nadia Heninger, Keegan Ryan, Kaiwen He, George Arnold Sullivan

This whitepaper demonstrates that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information like the shared Diffie-Hellman secret that would not be available to a passive network observer. The paper shows that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. The authors provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use their attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.

tags | paper, cryptography, protocol
SHA-256 | 481aab67e2963f899f4d0981c2be3f03e3ff14965119cb78e929b36c27b58597
Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice
Posted Oct 15, 2015
Authored by Eric Wustrow, J. Alex Halderman, Karthikeyan Bhargavan, Matthew Green, Pierrick Gaudry, David Adrian, Benjamin VanderSloot, Nadia Heninger, Drew Springall, Luke Valenta, Paul Zimmermann, Emmanuel Thome, Zakir Durumeric, Santiago Zanella-Beguelin

This paper investigates the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, they present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, the researchers implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, they can compute arbitrary discrete logs in that group in about a minute. They found that 82% of vulnerable servers use a single 512-bit group, allowing them to compromise connections to 7% of Alexa Top Million HTTPS sites. They go on to consider Diffie-Hellman with 768- and 1024-bit groups. They estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. They conclude that moving to stronger key exchange methods should be a priority for the Internet community.

tags | paper, web, arbitrary, protocol
SHA-256 | 34229b5a84df1c71f6a8f6c2fbd22fb444d37a13ea7fdfe2f50f3fe60983e984
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    14 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By