There are a lot of sites around the web reporting on the “OpenSSL debacle” in Debian-based Linux systems. A piece of code that was committed “accidentally” about two years ago limited the number of possible SSH keys to about 32000. This means that a brute-force attempt working through the list of possible keys could easily succeed.
When I read this about a week ago, I reacted immediately and updated my system with:
aptitude update
aptitude dist-upgrade
The OpenSSL wiki page describes what has to be done for the various installed packages that use OpenSSL certificates. The tool dowkd.pl lets you check whether any vulnerable keys are present on your system.
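A check like the one dowkd.pl performs can be built on a blacklist of fingerprints of keys the broken PRNG could produce, which is also how Debian's openssh-blacklist package and ssh-vulnkey approached it. The script below is an added example, not code from the original post and not taken from either tool: it parses an authorized_keys file, computes each key's MD5 fingerprint over the decoded key blob, and reports keys whose fingerprint tail appears in the blacklist. Assumptions: blacklist entries are the last 20 hex characters of the MD5 fingerprint, one per line with # comments; the real blacklists are split per key type and size, which is ignored here; the sample keys and the sample blacklist are constructed for the demonstration and are not real keys or real blacklist data.

```python
"""
Check OpenSSH public keys against a blacklist of known-weak key fingerprints.
Sample keys and the sample blacklist below are constructed, not real data.
"""
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode a byte string in SSH wire format (uint32 length prefix)."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (big-endian, sign bit clear)."""
    if n == 0:
        return _ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:              # leading 1 bit would read as negative, pad it
        raw = b"\x00" + raw
    return _ssh_string(raw)


def rsa_public_blob(e: int, n: int) -> bytes:
    """Build the wire-format blob that an 'ssh-rsa' authorized_keys entry base64-encodes."""
    return _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)


def md5_fingerprint(blob: bytes) -> str:
    """Classic OpenSSH MD5 fingerprint: MD5 over the decoded key blob (32 hex chars)."""
    return hashlib.md5(blob).hexdigest()


def blacklist_entry(blob: bytes) -> str:
    """Assumed blacklist format: only the last 80 bits (20 hex chars) of the fingerprint."""
    return md5_fingerprint(blob)[-20:]


def parse_blacklist(text: str) -> set:
    """Read a blacklist: one 20-hex-char entry per line, lines starting with '#' are comments."""
    entries = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            entries.add(line)
    return entries


def parse_authorized_keys(text: str):
    """Yield (key_type, blob, comment) for each usable line of an authorized_keys file."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if len(fields) < 2:
            continue                      # malformed line without key data
        key_type, b64 = fields[0], fields[1]
        comment = fields[2] if len(fields) == 3 else ""
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:                # binascii.Error is a ValueError subclass
            continue                      # undecodable key data: skip instead of crashing
        yield key_type, blob, comment


def find_weak_keys(authorized_keys_text: str, blacklist_text: str) -> list:
    """Return [(md5_fingerprint, comment)] for every key whose fingerprint tail is blacklisted."""
    blacklist = parse_blacklist(blacklist_text)
    hits = []
    for _key_type, blob, comment in parse_authorized_keys(authorized_keys_text):
        if blacklist_entry(blob) in blacklist:
            hits.append((md5_fingerprint(blob), comment))
    return hits


# --- constructed sample data: toy moduli, not real keys, not the real Debian blacklist ---
WEAK_BLOB = rsa_public_blob(65537, 0xC0FFEE1234567890ABCDEF)
GOOD_BLOB = rsa_public_blob(65537, 0xDEADBEEFCAFEF00D0BADF00D)

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys file",
    "ssh-rsa " + base64.b64encode(WEAK_BLOB).decode() + " weak@constructed",
    "ssh-rsa " + base64.b64encode(GOOD_BLOB).decode() + " good@constructed",
    "ssh-rsa not*base64* broken@constructed",
])

# Pretend the first key came from the broken PRNG by listing its fingerprint tail.
SAMPLE_BLACKLIST = ("# constructed blacklist in the assumed openssh-blacklist style\n"
                    + blacklist_entry(WEAK_BLOB) + "\n")

if __name__ == "__main__":
    for fp, comment in find_weak_keys(SAMPLE_AUTHORIZED_KEYS, SAMPLE_BLACKLIST):
        print(f"WEAK KEY: {comment} (md5 {fp})")
```

Running the script reports only weak@constructed; the undecodable third line is skipped rather than aborting the scan, which matters when the same check is run over every authorized_keys and host key file on a system.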
I use PuTTY a lot in combination with keys created by PuTTYgen. These keys, stored on my various systems, are of course not affected by this problem.