Computerworld: Tools Circulate that Crack Debian, Ubuntu
"A recently disclosed vulnerability in widely used Linux
distributions can be exploited by attackers to guess cryptographic
keys, possibly leading to the forgery of digital signatures and
theft of confidential information, a noted security researcher said
"HD Moore, best known as the exploit researcher who created the
Metasploit penetration testing framework, called the vulnerability
in Debian and Ubuntu systems 'ugly' and said it will be a big job
for administrators to find every flawed key, then reissue
Computerworld Australia: How to Avoid the Debian SSH Key
"This means that there are only 32,767 possible keys for each
key length and there are a number of resources starting to appear
that are targeting the weak key issue. One of the tools, developed
by Markus Mueller, claims to defeat a 2048 bit RSA SSH key in less
than 20 minutes.
"HD Moore, the founder of Metasploit, points out that there are
several features of Debian that make the process of brute forcing a
key even simpler, given that a lot of Debian systems use sequential
pid allocation and most keys are likely to have been user generated
with a pid between 500 and 10,000 (which effectively reduces the
keyspace to 9,500 keys)..."
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.