SSH/SSL Keys on Debian and Debian based distributions - Compromised

jah
Grafter
Posts: 36
Registered: 09-06-2007

The pseudo-random number generator in the OpenSSL package for Debian and Debian-based distributions (Ubuntu, Kubuntu, ...) was crippled by the removal of a critical element of code in the seeding routine, resulting in a very small keyspace. The upshot of this is that SSH and SSL keys generated with the affected packages (between September 2006 and May 13th, 2008) may be weak and easily brute-forced.
Here's a good write-up: http://metasploit.com/users/hdm/tools/debian-openssl/
Check your keys!
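
One way to run that check over an `authorized_keys` file, added here as an example and not part of the original post or the linked write-up: because the affected keyspace is so small, weak keys can be recognised by matching fingerprints against a list of known-weak ones. The blocklist format (a set of full hex MD5 fingerprints), the function names and the sample key blobs are assumptions constructed for illustration; the blobs are placeholders, not real keys.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # SSH key types in common use in 2006-2008

def parse_key_line(line):
    """Return (key_type, blob) for one authorized_keys/.pub line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options such as from="..." may precede the key type, so scan for it.
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        # A public-key blob begins with a length-prefixed copy of its type.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == field.encode():
            return field, blob
    return None

def find_listed_keys(text, blocklist):
    """Return (line_number, key_type, md5_hex) for every key on the blocklist."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_key_line(line)
        if parsed is None:
            continue
        key_type, blob = parsed
        fp = hashlib.md5(blob).hexdigest()  # classic OpenSSH fingerprint, no colons
        if fp in blocklist:
            hits.append((lineno, key_type, fp))
    return hits

def sample_blob(key_type, body):
    """Constructed placeholder blob: type header plus arbitrary bytes."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + body

WEAK = sample_blob("ssh-rsa", b"constructed-weak-key")
GOOD = sample_blob("ssh-rsa", b"constructed-good-key")
SAMPLE_BLOCKLIST = {hashlib.md5(WEAK).hexdigest()}  # constructed, not a real list
SAMPLE_FILE = "\n".join([
    "# constructed authorized_keys",
    "ssh-rsa " + base64.b64encode(GOOD).decode() + " alice@host",
    'from="10.0.0.5",no-pty ssh-rsa ' + base64.b64encode(WEAK).decode() + " bob@host",
])

if __name__ == "__main__":
    for lineno, key_type, fp in find_listed_keys(SAMPLE_FILE, SAMPLE_BLOCKLIST):
        print(f"line {lineno}: {key_type} {fp} is on the blocklist, replace it")
```

Any key that matches should be removed from every `authorized_keys` file that trusts it and regenerated on a patched system.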