Debian OpenSSL bug (CVE-2008-0166)

In 2008 it was discovered that a patch in Debian's and Ubuntu's OpenSSL package caused the random number generator to malfunction. Effectively this meant that the process id (PID) was the only source of randomness.

This allows calculating all possible private keys generated by this vulnerable OpenSSL package. However different behavior depending on the tool used (OpenSSL directly vs. OpenSSH), the architecture and the presence of certain config files still creates a number of variations. Due to these variations existing tools and lists often miss some of these keys.

We currently guarantee that we check standard key sizes (2048, 3072, 4096) created on 32 and 64 bit x86 architectures with both OpenSSL and OpenSSH. We also check for some other variations, but due to the size of the blocklists and the fact that these keys are exceptionally rare we avoid checking for unusual key sizes.