[Tfug] Debian SSH vulnerability
Jeff Breadner
jeff at breadner.net
Thu May 15 14:19:56 MST 2008
Angus Scott-Fleming wrote:
> On 14 May 2008 at 18:40, Tom Rini wrote:
>
>> None of this is to say that if you have vulnerable keys you shouldn't go
>> and regenerate 'em.
>>
> The Debian project guys released a tool that can detect weak keys (it is
> not 100% correct though as the blacklist in the tool can be incomplete).
> You can download the tool from
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.
> The bottom line is: this is very, very, very serious and scary. Please
> check your systems and make sure that you are both patched, and that you
> regenerated any potentially weak cryptographic material.
>
OK, so the odds of a brute-force attack working jump from one in 2^128
(1 in 3.4x10^38) per attempt (assuming the entire key space is attacked)
to about one in 2^18 (1 in 262148) per attempt; the difference in odds
is a lot higher than I thought. I think the key is 32 bytes long, which
leads me to the first number, and the dowkd.pl.gz file referenced above
has 262148 blacklisted keys in it, which led me to the 2nd number. If
this list of blacklisted keys is incomplete, then the odds get more in
our favor, as the number of bad keys is increased.
Still, this bug makes a brute-force attack 1.3x10^33 times more likely
to succeed, if my math is right ;)
Jeff
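
Added example (not part of the original message, and not the code of dowkd.pl): a blacklist check of the kind the quoted text describes, run over authorized_keys lines. The blacklist format (MD5 hex digests of the decoded key blob), the helper names and the sample keys are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def make_blob(key_type: str, body: bytes) -> bytes:
    """Constructed stand-in for a key blob: length-prefixed type + body."""
    return struct.pack(">I", len(key_type)) + key_type.encode() + body

def parse_line(line: str):
    """Return (key_type, blob) from an authorized_keys line, else None."""
    if line.lstrip().startswith("#"):
        return None
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # options such as command="..." come before the type
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        # The decoded blob must start with the same type string.
        if blob[:4 + len(field)] == make_blob(field, b""):
            return field, blob
    return None

def find_weak(lines, blacklist):
    """Return (line number, key type, fingerprint) for blacklisted keys."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        fingerprint = hashlib.md5(parsed[1]).hexdigest()
        if fingerprint in blacklist:
            hits.append((number, parsed[0], fingerprint))
    return hits

# Constructed sample data: these are not real keys or real blacklist entries.
WEAK = make_blob("ssh-rsa", b"constructed-weak-key")
GOOD = make_blob("ssh-dss", b"constructed-good-key")
BLACKLIST = {hashlib.md5(WEAK).hexdigest()}
SAMPLE = [
    "# ssh-rsa " + base64.b64encode(WEAK).decode() + " disabled",
    'command="/bin/true" ssh-rsa ' + base64.b64encode(WEAK).decode() + " a@host",
    "ssh-dss " + base64.b64encode(GOOD).decode() + " b@host",
    "ssh-rsa not-base64!! c@host",
]
```

A key that is absent from the blacklist is not thereby shown to be strong, since the list can be incomplete, as the quoted text notes.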