Welcome to the 13th edition. After another week of travels, this time to the World Economic Forum, there are some interesting tidbits to share. Let’s dive into the content…
Fault Lines in SSH
Researchers have surprised the crypto community by recovering private keys used in SSH connections. And they used an attack that wasn't supposed to work!
Once in a blue moon, a hardware fault during signing causes an SSH host to send out a corrupted RSA signature. A faulty signature of this kind, if an attacker observes it, can be used to recover the host's RSA private key.
SSH connections were thought to be immune to this type of attack because a passive observer doesn't have access to the shared Diffie-Hellman secret. But a new paper (https://eprint.iacr.org/2023/1711) demonstrates a way around this limitation, and successfully recovered hundreds of RSA private keys.
There's no need to panic, however.
The researchers examined 1.2 billion RSA SSH records and found roughly 500,000 faulty signatures (0.04%). Only about 5,000 of those faults actually revealed a private key, and they mapped to just 189 unique RSA private keys.
Fortunately, the fix is simple: an SSH implementation should verify each signature with its own public key before sending it, so a faulty signature never leaves the host. Many common implementations already do this.
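To make the mechanism concrete, here is an added example (my own toy code, not from the paper or any SSH implementation) of the classic RSA-CRT fault attack and the verify-before-send countermeasure. With CRT signing the two half-signatures are computed mod p and mod q and then combined; if one half is corrupted, the result is still a valid signature mod p but not mod q, so gcd(s^e - m, N) exposes p. This toy assumes the attacker knows the signed value m; in SSH that value is the exchange hash, which depends on the Diffie-Hellman secret a passive observer lacks, and the paper's lattice technique is what removes that requirement. The lattice step is not implemented here. Key sizes, the SHA-256 stand-in for padded hashing, and the random bit-flip fault model are illustrative choices.

```python
"""Single-fault RSA-CRT key recovery and the verify-before-send fix.
Added example with toy 512-bit keys; not code from the paper or from any SSH project."""
import hashlib
import math
import random
from dataclasses import dataclass

rng = random.Random(2023)  # fixed seed so the walkthrough is reproducible


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (enough for a demo key)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


@dataclass
class RsaKey:
    n: int
    e: int
    d: int
    p: int
    q: int
    dp: int    # d mod (p-1)
    dq: int    # d mod (q-1)
    qinv: int  # q^-1 mod p, for Garner's CRT recombination


def keygen(bits: int = 512, e: int = 65537) -> RsaKey:
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)
    return RsaKey(p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))


def digest_to_int(msg: bytes) -> int:
    # Stand-in for the padded hash an SSH host signs during key exchange.
    # For this toy key size a raw SHA-256 already fits below N.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign_crt(key: RsaKey, m: int, fault: bool = False) -> int:
    """CRT signing. With fault=True one bit of the mod-q half is flipped,
    modelling a hardware fault in that half of the computation."""
    sp = pow(m, key.dp, key.p)
    sq = pow(m, key.dq, key.q)
    if fault:
        sq ^= 1 << rng.randrange(key.q.bit_length() - 1)
    h = (key.qinv * (sp - sq)) % key.p   # Garner recombination
    return (sq + h * key.q) % key.n


def recover_factor(n: int, e: int, m: int, faulty_sig: int) -> int:
    """Attacker side. The faulty signature still satisfies s^e = m (mod p)
    but not (mod q), so the gcd with N is exactly p."""
    return math.gcd((pow(faulty_sig, e, n) - m) % n, n)


class FaultDetected(Exception):
    pass


def sign_checked(key: RsaKey, m: int, fault: bool = False) -> int:
    """Countermeasure: verify with the public key before releasing the signature."""
    s = sign_crt(key, m, fault)
    if pow(s, key.e, key.n) != m:
        raise FaultDetected("signature failed self-check; refusing to send it")
    return s


if __name__ == "__main__":
    key = keygen()
    m = digest_to_int(b"constructed stand-in for the SSH exchange hash")
    bad = sign_crt(key, m, fault=True)
    p = recover_factor(key.n, key.e, m, bad)
    print("recovered factor matches p:", p == key.p, "q =", key.n // p == key.q)
    try:
        sign_checked(key, m, fault=True)
    except FaultDetected as err:
        print("checked signer:", err)
```

The self-check costs one public-key exponentiation per signature, which is negligible next to the private operation, and it turns a key-disclosing fault into a visible error. Note that the gcd trick only recovers the key when the fault lands in exactly one CRT half; a fault that corrupts both halves, or the recombination, gives a useless signature rather than a leaky one.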
Despite the lack of immediate peril, this remains another powerful example of how researchers can break systems in unexpected ways. Crypto-agility is going to be increasingly important in the years ahead.
Bitcoins Aren’t Ageing Well
Over $1bn in Bitcoin is at risk of theft due to bad randomness used during key generation.
The issue impacts keys generated prior to 2016 using a flawed Bitcoin JavaScript library. The library included a "SecureRandom()" function, which had significant implementation errors. This led to weak random data being used to generate keys, which are then predictable to attackers.
In some circumstances, as little as 48 bits of entropy were used to generate keys. The total value of Bitcoin protected by these weak keys is estimated at $1bn.
You can find more of the technical details in this blog post: https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards.
This story is a reminder that mistakes at the cryptographic layer are incredibly painful. Randomness has to be genuinely unpredictable, or the key length on paper means nothing.
Talking with the PQC Police
Last week, the World Economic Forum gathered financial regulators and industry players to ask: how should regulations tackle the quantum threat?
I had the pleasure of joining that conversation, and wanted to share a few take-aways. The session was under the Chatham House Rule, hence I won't attribute viewpoints or list who was there.
It is important for banks to build a PQC migration team, and staff it appropriately. This will likely mean a mix of traditional cyber folks, alongside quantum experts.
Migration will require significant stakeholder management. Those who lead the migration teams must have strong interpersonal skills, or they will fail.
One senior attendee noted we're lucky the quantum threat isn't closer, because we would be "royally screwed" due to the lack of visibility into existing cryptography.
Large banks take threats with less than 1% likelihood seriously. For this reason, the quantum threat must be taken seriously at the board level.
Good cryptography is like the "airbags and seat belts that allow us to drive fast". Our current infrastructure is not up to scratch, and it's hindering our speed.
Regulators don't want to overstretch and prefer to focus on outcomes. But general requirements to "be secure" might not motivate banks to move against a nebulous threat. This was the most hotly contested topic, and conversations will continue on this point.
Overall, it was a productive and honest session with some frank views exchanged. I was impressed with the regulators' desire to be minimal in their demands. And yet, I was left with a concern that more may be needed.