------------------------------------------------------------------------ Weak SSH and SSL keys http://nic.phys.ethz.ch/news/1210776776
It [1]has been discovered that the random number generator (RNG) of Debian's OpenSSL package in their current stable release "4.0 Etch" and later (and those OpenSSL packages based on it as those from e.g. Ubuntu) generated predictable randomness which means that all keys generated with OpenSSL (e.g. SSH keys, website certificates, etc.) on our managed Linux workstations and other Etch machines are guessable with less effort than assumed. These keys need to be regenerated.
This means that if you connect to some of our Linux workstations SSH or Putty will argue about a changed host key.
This also means that if your personal SSH key has been generated on a Debian (or Ubuntu) with the broken OpenSSL RNG your key will no more from our workstations (or any other uptodate Debian system) and you will be prompted for your D-PHYS password instead.
Read on to find out if your keys are weak, what other services and keys may be affected and how you can generate new keys if necessary. We will add more information to this article as it becomes available.
References
1. http://www.debian.org/security/2008/dsa-1571
------------------------------------------------------------------------ ISG News Mailinglist Go to https://webmail.phys.ethz.ch/mailman/listinfo/isg-news to unsubscribe or change your settings.
ISG Department Physik isg@phys.ethz.ch