Two days ago this vulnerability was released: http://www.debian.org/security/2008/dsa-1571
Luciano Bello discovered that the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.
This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
The problem is that this makes it incredibly easy to exploit Debian/Ubuntu systems that have modified their SSH servers to use public key authentication.
As summed up by the SANS ISC:
The bottom line is: this is very, very, very serious and scary. Please check your systems and make sure that you are both patched, and that you regenerated any potentially weak cryptographic material.
The situation with web certificates is even worse – the public key is really that: public. So, for a weak key generated on Debian, an attacker could derive the private key and construct a Man-In-The-Middle attack without any problems in the browser! Very very scary. Makes one wonder how many people used Debian to generate their SSL keys.
As Swa said, there are basically 2 scenarios:
- the public key is known publicly -> no brute force needed, the attackers walk in, private key in hand
- the public key isn’t found -> a brute force of some 260K keys is needed.
This is a rather big deal for what is supposed to be some of the most secure systems in existence. If you use either Debian or Ubuntu, UPDATE NOW!
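The check the ISC is asking for, as an added example that is not code from the original post, from Debian or from SANS: a small Python scanner that fingerprints every key in an authorized_keys or known_hosts file and looks the fingerprint up in a set of known-weak fingerprints, which is the same idea behind the blacklist-based checks Debian shipped (ssh-vulnkey and the openssh-blacklist/openssl-blacklist packages; their exact file layout is not reproduced here). The two keys, the file lines and the blacklist below are constructed so the script runs offline; in real use the set would be loaded from a precomputed weak-key list. The MD5-of-blob fingerprint is the form ssh-keygen -l printed at the time.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}   # the OpenSSH key types of the period


def _string(s: bytes) -> bytes:
    return struct.pack(">I", len(s)) + s


def _mpint(x: int) -> bytes:
    # RFC 4251 mpint: big-endian two's complement, so a leading 0x00 when the top bit is set
    b = x.to_bytes((x.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(b)) + b


def ssh_rsa_blob(e: int, n: int) -> bytes:
    """Build an 'ssh-rsa' public key blob in OpenSSH wire format (RFC 4253)."""
    return _string(b"ssh-rsa") + _mpint(e) + _mpint(n)


def parse_blob(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields: [type, e, n] for ssh-rsa."""
    fields, off = [], 0
    while off < len(blob):
        (ln,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + ln > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off:off + ln])
        off += ln
    return fields


def fingerprint(blob: bytes) -> str:
    """MD5 of the raw blob, the fingerprint ssh-keygen -l printed in 2008 (hex, colons dropped)."""
    return hashlib.md5(blob).hexdigest()


def parse_key_line(line: str, known_hosts: bool = False):
    """Return (keytype, blob, comment) for one authorized_keys/known_hosts line; None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if known_hosts:
        parts = parts[1:]                      # drop the "host,addr" field
    # authorized_keys lines may start with options such as command="...",no-pty,
    # so locate the key-type token instead of assuming it comes first
    for i, tok in enumerate(parts):
        if tok in KEY_TYPES:
            keytype, b64, comment = tok, parts[i + 1], " ".join(parts[i + 2:])
            break
    else:
        raise ValueError(f"no recognised key type in line: {line[:40]!r}")
    blob = base64.b64decode(b64)
    fields = parse_blob(blob)
    if not fields or fields[0] != keytype.encode():
        raise ValueError("key type field does not match the blob")
    return keytype, blob, comment


def scan(lines, blacklist, known_hosts: bool = False) -> list:
    """Return (line_no, keytype, comment, fingerprint) for every key whose fingerprint is blacklisted."""
    hits = []
    for no, line in enumerate(lines, 1):
        parsed = parse_key_line(line, known_hosts)
        if parsed is None:
            continue
        keytype, blob, comment = parsed
        fp = fingerprint(blob)
        if fp in blacklist:
            hits.append((no, keytype, comment, fp))
    return hits


# ---- constructed sample data (not real keys, not Debian's blacklist) ----
WEAK_N = (1 << 1023) + 0x1D3B    # stand-in modulus for a key from a PID-seeded generator
GOOD_N = (1 << 1023) + 0x4A2F    # stand-in modulus for a key generated on a patched box
WEAK_BLOB = ssh_rsa_blob(65537, WEAK_N)
GOOD_BLOB = ssh_rsa_blob(65537, GOOD_N)


def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode()


SAMPLE_AUTHORIZED_KEYS = [
    "# constructed authorized_keys for this example",
    f"ssh-rsa {_b64(WEAK_BLOB)} deploy@build-box",
    f'command="/usr/bin/rsync --server",no-pty ssh-rsa {_b64(GOOD_BLOB)} backup@nas',
]
SAMPLE_KNOWN_HOSTS = [
    f"build-box,10.0.0.5 ssh-rsa {_b64(WEAK_BLOB)}",
    f"nas,10.0.0.9 ssh-rsa {_b64(GOOD_BLOB)}",
]
# On a real system this set is loaded from a precomputed weak-key list; here it is seeded
# from WEAK_BLOB so that the example is self-contained.
BLACKLIST = {fingerprint(WEAK_BLOB)}

if __name__ == "__main__":
    for name, lines, kh in (("authorized_keys", SAMPLE_AUTHORIZED_KEYS, False),
                            ("known_hosts", SAMPLE_KNOWN_HOSTS, True)):
        for no, keytype, comment, fp in scan(lines, BLACKLIST, kh):
            print(f"{name}:{no}: WEAK {keytype} {comment!r} md5 {fp}")
```

Run it against every authorized_keys and known_hosts file on the box and against the host's own public keys under /etc/ssh as well, since a weak host key is what enables the man-in-the-middle the ISC describes. The caveat: a blacklist only contains the keys someone has precomputed for particular key types, sizes and architectures, so a key that is absent from the list is not thereby proven strong. Any key that might have been generated on an unpatched Debian or Ubuntu system should be regenerated, which is the advice in the quote above.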
Hurray! http://xkcd.com/424/
Ha ha, that’s awesome!