Collaborate Disseminate
I’d like to use YubiKey Bio for SSH-logins. I’m wondering how often I have to show my fingerprint for authentication when I start new sessions. What’s the interval? If I start a new session every 5 minutes, do I need to use the key each ti… Continue reading YubiKey Bio for SSH login: Do I have to reauthenticate?
I’ve watched a lot of videos on Shor’s Algorithm and Quantum Computers. Most of these videos say these two things undermine RSA via fast-factoring, but they never really explain how fast-factoring is used to these break things; just very h… Continue reading RSA vs Shor’s Algorithm/Fast Factoring — Server Credentials & MITM
It’s time to strap on our propeller beanies, because we’re going to talk crypto. The short version is that some SSH handshakes can expose enough information for a third party …read more Continue reading This Week in Security: SSH, FTP, and Reptar
This is interesting:
For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established.
[…]
The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host…
The best example, would be the ~/.ssh folder, or the linux keychain.
Why is the ~/.ssh folder considered safe? When researching this, people said that the permissions of the folder would give enough security, since if someone then still ha… Continue reading How do programs store plain-text secrets securely? [duplicate]
I was learning the tool called hydra by attacking my local computer. When I am logged on to my Windows laptop as a local account, I use the following from my raspberry pi :
hydra -l sagar -P pwlist ssh://192.168.1.78 -V – I -f -t 2
It was… Continue reading How does Hydra work on Microsoft Windows accounts on ssh?
Segfault is a popular service for Disposable Root Servers where everyone for free can enter and use a VM via SSH. It seems like this service should be abused for cryptojacking (mining monero for example).
Do they prevent such kinds of acti… Continue reading How do segfault prevent crypto abuse? [closed]
OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?
Continue reading Consequences of .ssh/authorized_keys being world-readable
Intro
Trying to send encrypted backup of in productions filesystems, I was interested by the ability of using gocryptfs in reverse mode!
The idea is to
use gocryptfs –reverse from any existing (unencrypted) folder, for mounting an encryp… Continue reading Outdoor backup: gocryptfs –init –reverse: alway same .diriv in 1st level directory
I’m training on a test network. I managed to snatch some ssh credentials and spawn a shell with msfconsole. Turns out a connection via ssh to 192.168.0.3:2222 forwards me to 192.168.0.4:22. So I have the shell on 192.168.0.4.
Now I want to… Continue reading Upgrade MSF ssh to meterpreter on a host behind a forwarded host