Bojan Zdrnja on SANS Internet Storm Center: Couple of days ago Swa posted a diary about a critical Debian/Ubuntu PRNG security vulnerability.
Today Matt wrote in to let us know that H D Moore posted a web page containing all SSH 1024, 2048 and 4096-bit RSA keys he brute forced.
It is obvious that this is highly critical—if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time), and those keys were generated between September 2006 and May 13th 2008 then you are vulnerable. In other words, those secure systems can be very easily brute forced. What's even worse, H D Moore said that he will soon release a brute force tool that will allow an attacker easy access to any SSH account that uses public key authentication.
But this is not all—keep in mind that ANY cryptographic material created on vulnerable systems can be compromised. If you generated SSL keys on such Debian or Ubuntu systems, you will have to recreate the certificates and get them signed again. An attacker can even decrypt old SSH sessions now.
The Debian project guys released a tool that can detect weak keys (it is not 100% correct though as the blacklist in the tool can be incomplete). You can download the tool from http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.
The bottom line is: this is very, very, very serious and scary. Please check your systems and make sure that you are both patched, and that you regenerated any potentially weak cryptographic material.
I haven't verified the validity of the claim made here. It's from an official sounding place. And if true, it represents real, big, problems—the kind of situation where you just want to pass on the information to everybody you know.
I don't have any keys generated on Debian during the period cited above. Even if I do, I would be reluctant to download a program from the internet and let it scan my private keys.
Use your judgement.
Previous Topic
