The Erlang SSH Story: bug to key recovery presented at KiwiCon 2011

by Geoff Archaelus,

Tags: Security

Summary : "It's 6pm in the office and your coffee is cold. You thought you were so smart when you decided to create a custom ssh channel protocol to run inter-cluster distribution, but now you're deep in the guts of the SSH library and something looks out of place. The call to random:uniform/1 anywhere else would be innocent, but your heart sinks as your mind races: wrong kind of random, no entropy mixing - could you guess the seed? And if you could, what else would be yours for the taking? A bug, a conjecture, a half-arsed network stack, a lot of coffee and googling, a one-shot pcap->private key recovery script."