Today's Fail Open Goat Award goes to the Debian / Ubuntu distros (a friend assures me that Ubuntu is derived from Debian and as such is also vulnerable?). HD Moore has decided to fully exploit the Debian predictable RNG bug by generating all of the possible 1024-bit DSA and 2048-bit RSA keys (so far) that an affected user would be capable of generating, thanks to the bug.
For those not following along - having all of the possible keys allows one to brute-force their way into any SSH account protected by that key rather quickly (HD guesstimates "a couple hours"). HD also lists some 'optimizations' that could assist the brute-forcing efforts to speed them up.
Bad day for Debian / Ubuntu SSH users. SANS is reporting increased SSH scanning; this is probably fingerprinting to identify vulnerable Debian boxes that can be brute-forced using the keys HD generated and made available at the URL above.
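The defensive counterpart to HD's key dump is to check your own authorized_keys files against a blacklist of fingerprints of the enumerable weak keys. The following is an added example (not code from this post or from Debian's own ssh-vulnkey tool); the key blobs and the blacklist are constructed for illustration, and a real scan would load the distribution's published blacklist of weak-key fingerprints instead.

```python
import base64
import hashlib
import re

# Constructed public-key blobs (not real keys). A public key blob in
# authorized_keys is the base64 of the SSH wire-format key, and the MD5
# fingerprint shown by `ssh-keygen -l` is MD5 over those decoded bytes.
WEAK_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed weak key").decode()
OK_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-dss" + b"constructed good key").decode()

# Constructed authorized_keys content covering a plain line, a comment line,
# and a line that carries options (from=, no-pty) before the key type.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    f"ssh-rsa {WEAK_BLOB} deploy@host",
    "# the key below carries options; the parser must skip past them",
    f'from="10.0.0.0/8",no-pty ssh-dss {OK_BLOB} admin@host',
])

KEY_RE = re.compile(r"(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/=]+)")


def fingerprint_md5(blob_b64):
    """Return the colon-separated MD5 fingerprint of a base64 key blob."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def scan_authorized_keys(text, blacklist):
    """Return [(line_no, key_type, fingerprint)] for every key in the
    authorized_keys text whose fingerprint appears in the blacklist set."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = KEY_RE.search(line)  # tolerates a leading options field
        if not match:
            continue
        key_type, blob = match.groups()
        fp = fingerprint_md5(blob)
        if fp in blacklist:
            hits.append((line_no, key_type, fp))
    return hits


if __name__ == "__main__":
    blacklist = {fingerprint_md5(WEAK_BLOB)}  # constructed blacklist
    for line_no, key_type, fp in scan_authorized_keys(SAMPLE_AUTHORIZED_KEYS, blacklist):
        print(f"line {line_no}: weak {key_type} key {fp}")
```

Any flagged key should be removed from authorized_keys and regenerated on a patched system, since an attacker holding the enumerated key set can authenticate with it directly.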
Gosh, I hope nobody generated a root CA certificate from a Debian or Ubuntu machine in the last two years.
From an academic perspective, though, it'd be interesting to see what havoc would be caused by revoking and re-issuing a trusted root and all of its subsidiary certificates...
I wrote a .NET tool you can use to scan for SSL certificates using weak keys generated from the affected Debian and Ubuntu distros.
You can find it at http://msmvps.com/blogs/alunj/archive/2008/05/22/1626252.aspx