tfm@piefed.europe.pub to Programmer Humor@programming.devEnglish · 10 days agoNatural selection in ITisanybodyusingthisprivatekey.comexternal-linkmessage-square27fedilinkarrow-up1166arrow-down15file-text
arrow-up1161arrow-down1external-linkNatural selection in ITisanybodyusingthisprivatekey.comtfm@piefed.europe.pub to Programmer Humor@programming.devEnglish · 10 days agomessage-square27fedilinkfile-text
minus-squareNeatNit@discuss.tchncs.delinkfedilinkarrow-up29·10 days agoTo save anyone the trouble, here’s a key I’ve generated just now: -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACAqTGrNcWWZrKjDzAgG1KaCYAOOAoqSSQvvWVgUx7PdMgAAAJgzuRsTM7kb EwAAAAtzc2gtZWQyNTUxOQAAACAqTGrNcWWZrKjDzAgG1KaCYAOOAoqSSQvvWVgUx7PdMg AAAEC8jODzrMngnvJlMwtlhqwlI6qS42WlzSDADbEYaCsRzCpMas1xZZmsqMPMCAbUpoJg A44CipJJC+9ZWBTHs90yAAAAEXUwX2E0MzhAbG9jYWxob3N0AQIDBA== -----END OPENSSH PRIVATE KEY----- (and if I did it wrong enough, well, you can hack me but please let me know how I fucked up) Change any random character in there to see how the website reacts to a unique key. I changed an O to an o and it accepted it.
minus-squarer00ty@kbin.lifelinkfedilinkarrow-up21·10 days agoWait, that’s my key. Ohhh QIDBA not QADBX.
minus-squareNeatNit@discuss.tchncs.delinkfedilinkarrow-up18·10 days agoFWIW this is what I did: $ ssh-keygen -f fake_ssh_key (press Enter twice for no passphrase) and then: $ cat fake_ssh_key Which I then just copy-pasted from the terminal. Surely this can’t reveal anything about my other private keys, right?
To save anyone the trouble, here’s a key I’ve generated just now:
-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACAqTGrNcWWZrKjDzAgG1KaCYAOOAoqSSQvvWVgUx7PdMgAAAJgzuRsTM7kb EwAAAAtzc2gtZWQyNTUxOQAAACAqTGrNcWWZrKjDzAgG1KaCYAOOAoqSSQvvWVgUx7PdMg AAAEC8jODzrMngnvJlMwtlhqwlI6qS42WlzSDADbEYaCsRzCpMas1xZZmsqMPMCAbUpoJg A44CipJJC+9ZWBTHs90yAAAAEXUwX2E0MzhAbG9jYWxob3N0AQIDBA== -----END OPENSSH PRIVATE KEY-----(and if I did it wrong enough, well, you can hack me but please let me know how I fucked up)
Change any random character in there to see how the website reacts to a unique key. I changed an O to an o and it accepted it.
Wait, that’s my key. Ohhh QIDBA not QADBX.
FWIW this is what I did:
$ ssh-keygen -f fake_ssh_key(press Enter twice for no passphrase)
and then:
$ cat fake_ssh_keyWhich I then just copy-pasted from the terminal. Surely this can’t reveal anything about my other private keys, right?