[wplug] OpenSSL security vulnerability

Patrick Wagstrom patrick at wagstrom.net
Thu May 15 09:49:36 EDT 2008


I haven't seen any discussion of this, but it's actually very important. 
Some time ago, approximately two years, a single line was removed from the 
Debian installation of OpenSSL.  Reading around, it looks like it was 
removed because the line caused a problem when profiling the code with 
Valgrind.  Unfortunately, this had the nasty side effect of reducing the 
possible key space to 2^15 keys instead of 2^1024 possible keys.  Yeah, it 
took two years for people to realize this.

In that time span, Ubuntu, which uses/steals lots of stuff from Debian, has 
achieved massive popularity, thus the defect is much more popular than just 
Debian.  Also, the problem affects more than just servers -- in fact the 
server issue is quite moot compared to the elephant in the room.

The biggest issue is that any SSH private keys you may have generated in 
that time are now vulnerable to a fairly easy dictionary attack.  Knowing 
that most people use 1024- or 2048-bit public keys, you can already go and 
complete key sets on the net, and I'd imagine that by this evening the 4096 
set will be available to download.  Thus, if you run a machine that accepts 
SSH passwordless login, you're now on borrowed time if ANYONE HAS USED A 
DEBIAN SYSTEM TO GENERATE KEYS.  With a simple username there are only 
98304 possible keys to try.

So, system administrators, unless it's completely untenable, you should 
consider disabling passwordless login until you've confirmed that all users 
have changed their private key.

Once again, because of the vulnerability with SSH public keys, any system 
that has a key generated by a Debian user is vulnerable.  Don't get all 
haughty thinking you're immune because you run Fedora, FreeBSD, or OpenBSD. 
I'm looking forward to scads of dictionary attacks in the near future.

--Patrick
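The post's key-space argument (2^15 seeds, 98304 candidate keys across three sizes) and its mitigation (find and replace every key a Debian box produced) can both be made concrete with a small model. The following is an added example, not code from the original message or from OpenSSL or Debian: `broken_seed`, `proper_seed`, `derive_toy_key`, `build_blacklist` and `is_weak` are hypothetical names, and `derive_toy_key` is a hash stand-in for real key generation, chosen only so the size of the reachable key space can be observed. It models the defect the post describes (the only entropy reaching the generator is a 15-bit process id) beside a correctly seeded generator, and then shows the defender's check: enumerate every key the broken generator can emit, keep the fingerprints, and test authorized keys against that list, which is the approach the blacklist-based checkers took.

```python
import hashlib
import os
import random

# Linux pid_max at the time: process ids fit in 15 bits, so a generator
# seeded only with the pid can reach at most 32768 distinct states.
PID_MAX = 32768

# Key sizes the post says people actually use; 3 * 32768 = 98304 candidates.
KEY_SIZES = (1024, 2048, 4096)


def broken_seed(pid: int) -> bytes:
    """Models the defect: the process id is the only input to the PRNG."""
    return pid.to_bytes(2, "big")


def proper_seed(pid: int) -> bytes:
    """Healthy seeding mixes OS randomness; the pid no longer bounds the key space."""
    return os.urandom(32) + pid.to_bytes(2, "big")


def derive_toy_key(seed: bytes, bits: int) -> bytes:
    """Hypothetical stand-in for key generation: deterministic in (seed, key size).

    This is NOT a real key. A real generator is equally deterministic in its
    seed, which is the whole point: the seed bounds the number of possible keys.
    """
    return hashlib.sha256(b"toy-key" + bits.to_bytes(2, "big") + seed).digest()


def fingerprint(key: bytes) -> str:
    """Fingerprint a key the way a blacklist would store it (full SHA-256 here)."""
    return hashlib.sha256(key).hexdigest()


def distinct_keys(seed_fn, trials: int, bits: int = 1024) -> int:
    """Generate `trials` keys from random pids and count how many are distinct."""
    seen = set()
    for _ in range(trials):
        pid = random.randrange(1, PID_MAX + 1)  # constructed: a fresh process
        seen.add(derive_toy_key(seed_fn(pid), bits))
    return len(seen)


def build_blacklist(sizes=KEY_SIZES) -> set:
    """Defender's check: enumerate every key the broken generator can produce.

    32768 pids x 3 sizes = 98304 fingerprints, which is exactly why the
    post calls the attack a dictionary attack: the dictionary is this small.
    """
    blacklist = set()
    for bits in sizes:
        for pid in range(1, PID_MAX + 1):
            blacklist.add(fingerprint(derive_toy_key(broken_seed(pid), bits)))
    return blacklist


def is_weak(key: bytes, blacklist: set) -> bool:
    """True if this key is one the broken generator could have emitted."""
    return fingerprint(key) in blacklist


if __name__ == "__main__":
    print("broken generator, 100000 runs:", distinct_keys(broken_seed, 100000), "distinct keys")
    print("proper generator, 1000 runs:  ", distinct_keys(proper_seed, 1000), "distinct keys")
    bl = build_blacklist()
    print("blacklist size:", len(bl))
    # constructed sample: one key from a pid-only seed, one from proper seeding
    print("weak key flagged:  ", is_weak(derive_toy_key(broken_seed(4242), 2048), bl))
    print("healthy key flagged:", is_weak(derive_toy_key(proper_seed(4242), 2048), bl))
```

The operational lesson is the same as the post's: the check has to be applied to every public key in `authorized_keys` regardless of the host's own distribution, because the weakness lives in the key, not in the server that accepts it.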
