Everyone change your SSH keys, hooray
Your keys are teh pwn3d
I’m sure everyone who uses SSH has heard by now, but you need to change your SSH keys if you are using Debian/Ubuntu (or took a key from said OS like I did). If you’re thinking that it’s not a big deal, you’re gonna get put in the hurt locker – the only source of entropy in those keys is the PID of the process that created them. That means there are only 32768 keys; it takes a hacker ~20 mins to break into any server he wants.
If all of your machines are Debian-based, the best thing for you to do is to just delete all the entries in ~/.ssh/authorized_keys until you can regenerate them and patch all of your systems.
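Because the set of weak keys is finite, their fingerprints can be listed and each authorized_keys entry checked against that list. The sketch below is an added example, not part of the original post: the function names are hypothetical, the blocklist is assumed to hold full MD5 fingerprints, and the sample blobs are constructed placeholder bytes rather than real keys.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key-type tokens to look for in an entry

def md5_fingerprint(blob_b64):
    """MD5 fingerprint (hex, no colons) of a base64 public-key blob."""
    return hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()

def parse_entry(line):
    """Return (key_type, blob_b64, comment), or None for blank/comment/odd lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # An options field (no-pty,command="...") may come first, so search for the type.
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:
            return tok, fields[i + 1], " ".join(fields[i + 2:])
    return None

def audit(authorized_keys_text, weak_fingerprints):
    """Split entries into (keep, flagged); flagged items are (line, reason)."""
    keep, flagged = [], []
    for line in authorized_keys_text.splitlines():
        if (entry := parse_entry(line)) is None:
            continue
        try:
            fp = md5_fingerprint(entry[1])
        except (binascii.Error, ValueError):
            flagged.append((line, "unparsable key blob"))
            continue
        if fp in weak_fingerprints:
            flagged.append((line, "blocklisted fingerprint " + fp))
        else:
            keep.append(line)
    return keep, flagged

# Constructed sample data: placeholder bytes stand in for real key blobs.
WEAK_BLOB = base64.b64encode(b"constructed-weak-key").decode()
GOOD_BLOB = base64.b64encode(b"constructed-good-key").decode()
SAMPLE = "\n".join([
    "ssh-rsa " + WEAK_BLOB + " alice@old-laptop",
    'no-pty,command="backup" ssh-rsa ' + GOOD_BLOB + " backup@host",
    "ssh-dss !!!not-base64!!! broken@host",
])
BLOCKLIST = {md5_fingerprint(WEAK_BLOB)}
print(audit(SAMPLE, BLOCKLIST))
```

An entry that cannot be decoded is flagged rather than kept, so a malformed line never passes the audit silently.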
In miscellaneous news
- We’re finishing up the beta for my super-cool project at work today – so far my clever attempt to sneak Ruby/Python through the backdoor at WinSE is turning out wonderfully, mwa ha ha.
- Summer finally seems like it’s here, it’s nice to be done with the crappy weather. I need to find a cool bike so that I can start riding to work. Days like this make me wish I had a dog to walk, that’d be nice too.
