Category: Security

  • Weak ssh public keys in github

    A presentation slide, named “Attacking against 5 millions SSH public keys – 偶然にも500万個のSSH公開鍵を手に入れた俺たちは” is published, it is a lightning talk in “Edomae security seminar” in Jan 24, 2015.  He grabbed ssh public keys with  GitHub API (https://github.com/${user}.key), the API is obsoleted, but not closed. He found short (<= 512 bit) DSA/RSA keys and can solve prime decomposition 256bit […]