The Erlang SSH Story: bug to key recovery

Presented at Kiwicon V: It Goes b00m (2011), Nov. 5, 2011, 9:30 a.m. (30 minutes)

It's 6pm in the office and your coffee is cold. You thought you were so smart when you decided to create a custom ssh channel protocol to run inter-cluster distribution, but now you're deep in the guts of the SSH library and something looks out of place. The call to random:uniform/1 anywhere else would be innocent, but your heart sinks as your mind races: wrong kind of random, no entropy mixing - could you guess the seed? And if you could, what else would be yours for the taking? A bug, a conjecture, a half-arsed network stack, a lot of coffee and googling, a one-shot pcap->private key recovery script.

Presenters:

• Geoff Cant / Archaelus
  Geoff Cant is the world's most interesting Erlang Hacker in New Zealand. He doesn't often spot security bugs in obscure programming languages but when he does he weaponizes them. More prosaically of late, he builds interesting distributed systems for mobile gaming platforms at ngmoco:) and finds entirely too little free-time to devote to an ever-expanding collection of github projects.

Links:

• https://2011.kiwicon.org/the-con/talks/#e13

Similar Presentations:

• May Contain Hackers (MCH2022) / SSH Configuration, Intermediate Level
• BSidesSF 2017 / Better SSH management with ephemeral keys
• Still Hacking Anyway (SHA2017) / SSH - From Zero to Hero (Workshop): Impress your friends with your freshly acquired SSH knowledge