Straw Poll -- Weak SSL/SSH keys

Peter Corlett abuse at
Mon Jun 16 11:40:07 BST 2008

On Mon, Jun 16, 2008 at 11:26:48AM +0100, Jonathan Bennett wrote:
> You are all, I assume, aware of the Debian weak keys issue. No doubt any
> of you affected by it have already updated your systems, retired your old
> keys and generated new ones. However, not everyone out there is quite so
> diligent, and some servers still have weak keys in place.

I *think* I've nobbled all of my dodgy ssh keys. The only one I found was a
freshly-built machine that hadn't actually been connected to the Internet
yet. At this time, I don't manage any SSL websites, although the air would
be blue if I did.

> Some of these are SSL servers, like wot is used to do e-commerce, an'
> that. The issue here is that, in theory, an attacker could decrypt the
> traffic and recover your credit card details, since brute forcing the
> server's private key is that much easier. You could also be talking to a
> fake server for the same reason, but this doesn't make much difference to
> the information an attacker can collect.

> What I'd like to know is:

> 1) Do you care?

Not really.

> 2) If not, why not?

It's highly unlikely that there is somebody sniffing the link and cracking
keys, and even less likely that a MITM attack is happening, due to there
still being a reasonable amount of effort involved. The black hats will
stick to the lower-hanging fruit of phishing or breaking into webservers and
stealing the database.

In a lot of cases, SSL is a solution looking for a problem because there are
so many weaker links involved. It's security theatre, so that we don't
notice the naked emperor behind the curtain.

> 3) Would you ever bother testing a site's certificate for a weak key
> before doing business with them?

Maybe, if it even occurred to me to bother to check.
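A defensive version of the check question 3 asks about, added here as an example that is not part of the thread: look a server certificate's RSA modulus up in a Debian-style weak-key blacklist. The fingerprint scheme (SHA-1 over the text `Modulus=<HEX>` plus newline, keeping only the last 20 hex digits, as the `openssl-vulnkey` tool did) is an assumption stated in the code, and the blacklist below is constructed from a made-up modulus rather than the real Debian data.

```python
"""Check an RSA modulus against a Debian-style weak-key blacklist.

Added example, not code from the mailing-list thread.
Assumptions (labelled):
  * fingerprint = SHA-1 of "Modulus=<UPPERCASE HEX>\n", of which only the
    last 20 hex digits are stored per blacklist line (openssl-vulnkey style).
  * the blacklist text below is constructed from an invented modulus; it is
    not the real Debian openssl-blacklist data.
"""
import hashlib

HEX_DIGITS = set("0123456789ABCDEF")


def fingerprint(modulus_hex: str) -> str:
    """Return the 20-hex-digit blacklist fingerprint for an RSA modulus.

    Accepts either a bare hex string or the exact line printed by
    `openssl x509 -noout -modulus`, i.e. "Modulus=ABC...".
    """
    hex_up = modulus_hex.strip().upper()
    if hex_up.startswith("MODULUS="):
        hex_up = hex_up[len("MODULUS="):]
    if not hex_up or any(c not in HEX_DIGITS for c in hex_up):
        raise ValueError("modulus must be a non-empty hexadecimal string")
    # An RSA modulus is a product of two odd primes, so it is always odd.
    if int(hex_up[-1], 16) % 2 == 0:
        raise ValueError("modulus is even; not a valid RSA modulus")
    digest = hashlib.sha1(f"Modulus={hex_up}\n".encode("ascii")).hexdigest()
    return digest[-20:]


def load_blacklist(text: str) -> set:
    """Parse a blacklist file: one fingerprint per line, '#' comments allowed."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entries.add(line.lower())
    return entries


def is_weak(modulus_hex: str, blacklist: set) -> bool:
    """True when the modulus fingerprint appears in the blacklist."""
    return fingerprint(modulus_hex) in blacklist


# Constructed sample data: these are NOT real keys, weak or otherwise.
WEAK_MODULUS = "D41D8CD98F00B204E9800998ECF8427E1A2B3C4D5E6F708192A3B4C5D6E7F801"
OTHER_MODULUS = "B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF"

# Build the constructed blacklist text from the invented weak modulus, so the
# lookup below exercises the same code path a real blacklist file would.
BLACKLIST_TEXT = "# constructed blacklist, 80-bit fingerprints\n" + fingerprint(WEAK_MODULUS) + "\n"
BLACKLIST = load_blacklist(BLACKLIST_TEXT)

if __name__ == "__main__":
    for label, modulus in (("constructed-weak", WEAK_MODULUS), ("constructed-other", OTHER_MODULUS)):
        verdict = "WEAK (blacklisted)" if is_weak(modulus, BLACKLIST) else "not in blacklist"
        print(f"{label}: {fingerprint(modulus)} -> {verdict}")
```

To run this against a real certificate, feed it the output of `openssl x509 -in cert.pem -noout -modulus` (or the certificate saved from `openssl s_client -connect host:443`), and replace the constructed blacklist with the distribution's published fingerprint list; a fingerprint hit means the key was generated by the broken PRNG and the certificate should be reissued, not merely distrusted.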
