gaping hole

Debian needs some serious commit review

Digg Linux/Unix upcoming  Fri, 07/11/2008 - 19:11

You’ve probably heard by now about the gaping hole in keys generated by Debian’s OpenSSL. If not, the summary is that your SSH keys and SSL certs were selected from a fixed pool of 2^15 (32,767) possibilities, and are thus easy to brute-force over the network.
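A pool that small can be enumerated in full ahead of time, so auditing a key inventory for affected keys reduces to a set lookup. The sketch below is an added example, not code from this post or from Debian: `toy_keygen` is a hypothetical stand-in for a generator limited to 32,767 outputs (it is not OpenSSL's), and the inventory is constructed.

```python
import hashlib
import os

POOL_SIZE = 32767  # pool size quoted in the post


def toy_keygen(seed: int) -> bytes:
    """Hypothetical generator whose only input is a small seed.

    Not OpenSSL's generator; SHA-256 is used only to make it deterministic.
    """
    return hashlib.sha256(b"toy-keygen:" + seed.to_bytes(2, "big")).digest()


def fingerprint(pubkey: bytes) -> str:
    """Fingerprint used as the blocklist entry for a key."""
    return hashlib.sha256(pubkey).hexdigest()


def build_blocklist(pool_size: int = POOL_SIZE) -> frozenset:
    """Enumerate every key the constrained generator can emit."""
    return frozenset(fingerprint(toy_keygen(s)) for s in range(1, pool_size + 1))


def audit(keys: dict, blocklist: frozenset) -> dict:
    """Map each key label to True when the key is in the pool and must be replaced."""
    return {label: fingerprint(key) in blocklist for label, key in keys.items()}


def sample_inventory() -> dict:
    """Constructed inventory: two keys from the small pool, one from the OS CSPRNG."""
    return {
        "web01-host-key": toy_keygen(4242),
        "alice-laptop": toy_keygen(31999),
        "build-server": os.urandom(32),
    }


if __name__ == "__main__":
    blocklist = build_blocklist()
    print(len(blocklist), "fingerprints cover the entire pool")
    for label, weak in audit(sample_inventory(), blocklist).items():
        print(f"{label}: {'REPLACE' if weak else 'ok'}")
```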

If you have any keys generated on a Debian system, you need to immediately replace them or