logo
Published on FierceCIO (http://www.fiercecio.com)

Tools to crack flawed cryptographic keys circulate

By paulmah
Created May 16 2008 - 8:22am

A newly disclosed vulnerability in the random number generator used by the Debian Project to produce digital keys is making its repercussions felt around the world. The flaw makes it relatively easy to compute the correct cryptographic keys, which are used for services such as Secure Shell (SSH) and Secure Socket Layer (SSL). There are reports of 2048 bit keys [1] being generated in two hours on a cluster consisting of just 31 Xeon cores. In the meantime, users and system administrators are urged to patch their systems and to regenerate all keys produced on Debian systems after September 2006--when builds that included the flaw were first made available.

For more on the random number generator flaw:
- check out the Debian Security Advisory [2]

Source URL:
http://www.fiercecio.com/story/tools-crack-flawed-debian-and-ubuntu-cryptographic-key-circulates/2008-05-16

Links:
[1] http://metasploit.com/users/hdm/tools/debian-openssl/
[2] http://www.debian.org/security/2008/dsa-1571