Debian SSH Key-Cracking Tools Released, Tips for Tightening | Linux Today

Debian SSH Key-Cracking Tools Released, Tips for Tightening

Written By
Web Webster
Web Webster
May 16, 2008

Computerworld: Tools Circulate that Crack Debian, Ubuntu
Keys

“A recently disclosed vulnerability in widely used Linux
distributions can be exploited by attackers to guess cryptographic
keys, possibly leading to the forgery of digital signatures and
theft of confidential information, a noted security researcher said
today.

“HD Moore, best known as the exploit researcher who created the
Metasploit penetration testing framework, called the vulnerability
in Debian and Ubuntu systems ‘ugly’ and said it will be a big job
for administrators to find every flawed key, then reissue
them…”


Complete Story

Computerworld Australia: How to Avoid the Debian SSH Key
Attacks

“This means that there are only 32,767 possible keys for each
key length and there are a number of resources starting to appear
that are targeting the weak key issue. One of the tools, developed
by Markus Mueller, claims to defeat a 2048 bit RSA SSH key in less
than 20 minutes.

“HD Moore, the founder of Metasploit, points out that there are
several features of Debian that make the process of brute forcing a
key even simpler, given that a lot of Debian systems use sequential
pid allocation and most keys are likely to have been user generated
with a pid between 500 and 10,000 (which effectively reduces the
keyspace to 9,500 keys)…”


Complete Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.