#207 - OpenSSL vulnerability

Posted on Thu 05/15/08 at 18:12, 1361 days ago

You've probably already read a gazillion advisories about this by-now well-known vulnerability. It's limited to Debian-derived OSes, and only affects keys generated after June 2006, I think. Don't quote me on anything though.

A co-worker has read up on the issue a bit, and apparently the vulnerability effectively limits the key space to about 32k (PID was used, iirc). This means that there are 32k "master" key pairs. A rather serious side effect of this is that the private key can be found with a simple brute force search. Therefore, all private AND public keys must be purged, with fire. Personally, I'm going to take off and nuke my keys from orbit. It's the only way to be sure.
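The keyspace argument above, as an added example that is not part of the original post and is not OpenSSL's code: a toy generator whose only varying input is the PID, so a defender can enumerate every possible key once and audit an inventory against that blocklist. `toy_keygen`, `PID_MAX` and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Assumption: default Linux pid_max, which matches the "about 32k" in the post.
PID_MAX = 32768


def toy_keygen(pid: int) -> bytes:
    """Toy model (not OpenSSL): the PID is the only input that varies."""
    return hashlib.sha256(b"toy-keygen:" + pid.to_bytes(4, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Short hex fingerprint, the value an audit compares against the list."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_blocklist() -> frozenset:
    """Enumerate every PID once; the result is the complete set of weak keys."""
    return frozenset(fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX))


def audit(keys: dict, blocklist: frozenset) -> list:
    """Return the names of keys that must be revoked and regenerated."""
    return sorted(n for n, k in keys.items() if fingerprint(k) in blocklist)


# Constructed sample inventory: two keys from the weak generator, one from a
# properly seeded source (32 random bytes stand in for a healthy key).
SAMPLE_KEYS = {
    "host-a": toy_keygen(4242),
    "host-b": toy_keygen(31999),
    "host-c": secrets.token_bytes(32),
}

if __name__ == "__main__":
    blocklist = build_blocklist()
    print(len(blocklist), "possible weak keys")
    print("replace:", audit(SAMPLE_KEYS, blocklist))
```

Debian's `ssh-vulnkey` tool applied the same idea to real key fingerprints: because the weak set is small and fixed, it can be precomputed and every deployed key checked against it.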

Comments

By Philip on Thu 05/15/08 at 20:45, 1361 days ago

Haha, I settled for clicking yes in some dialog thrown at me by Ubuntu, I don't do nukes. Stupid spambot question, who cares if Anakin leaves his mother?

