Free Trial
Contact Us
Podcast

Root Causes 328: What Is the Debian Weak Key Flaw?

Hosted by
Tim Callan
Tim Callan
Chief Compliance Officer
Jason Soroko
Jason Soroko
Fellow
Original broadcast date
August 23, 2023

In 2008 the world of SSL was shocked by the discovery of a flaw in a popular operating system that limited the total set of possible private keys on this OS to about 32,000. We explain what happened, industry response, and its consequences.

Podcast Transcript

Lightly edited for flow and brevity.
Tim CallanTim CallanSo this is going to be a way back in time, back in history episode. We want to talk about something that some people may have heard of, probably a lot of them haven't, that most of us probably don't remember very well, but at the time, it was a big deal and I think it was a precursor to some of the things to come. And we are talking of course about - not of course, you wouldn't know this - but we're talking about 2008’s Debian weak key flaw.
Jason SorokoJason SorokoThat's when it was found and fixed. I think the bug was introduced as early as 2006. So, we're going back here quite a bit.
Tim CallanTim CallanThat's correct. The whole kerfluffle began in 2008. You're right. The bug had been in Debian for a couple years, in OpenSSL, in particular, in many, not all, but many branches of the Debian branch of Linux. And basically, there was a programming flaw that was discovered in OpenSSL and as a consequence, the total universe of keys, of private keys that you could generate was 32,768. That was it. You could only generate one of those. So if you got a key, any given key would look fine. Looks good. Looks random to me. But of course, it was one of a discrete and limited set of potential keys that could be generated. And though to a human being like you or me, that is a large number. To a computer, even a 2008 computer, that was not a very large number at all.
Jason SorokoJason SorokoOh, heck no. That is a small number, for sure.
Tim CallanTim CallanAnd so within a day, people had calculated and posted all of the potential keys. Within a couple of days, people had released toolkits you could use to very quickly search for these keys, certainly ostensibly, or at least, certainly to help IT teams find and eliminate them. But also, obviously, they could go into the other wrong hands and people could use these exact same tools to try to go find them and exploit them. And overnight, this went from nothing to a giant story and the OpenSSL flaw was fixed within like a week. I could look it up, but it wasn't very long. It was about that. But the keys lingered for decades. You still find them today.
Jason SorokoJason SorokoI'm not surprised at all.
Tim CallanTim CallanAnd every one of those keys, if they're still out there, there's still one of these 32,768 known keys. Like it's just a very small universe and if you hit a random key, and you just wanted to see if you could hit it, if you had a little robot that just tried those, every once in a while, you're gonna get a hit. And that's that's now. That's in 2023. And back in the time, it was even worse, because that's in the era of long lived certificates. So this might have been the private key for a five year SSL certificate. So if I didn't swap my cert out, then for years later, somebody could still come and potentially exploit that particular vulnerability.
Jason SorokoJason SorokoI tell you, if we were podcasting back then Tim, that would have made the list.
Tim CallanTim CallanAnd what's interesting about this is this is an early one. This is pre-Heartbleed. This is this is pre-Heartland. Like this was a very early major security flaw in the world of public SSL. And it was an eye opener at the time for a lot of people who kind of felt like this particular area of security was not really vulnerable. And at the time, there were a lot of people said, look, it's cryptographically secure, and RSA is great. And it's been mathematically proven, you can't break it, and it's all fine and I just don't need to worry about it. And that was that was a gee-whiz moment for a lot of people to say, okay, maybe all of this isn't as bullet proof and capable of just being ignored as I thought.
Jason SorokoJason SorokoOh the things we've learned since then.
Tim CallanTim CallanExactly. Including other major OpenSSL flaws like Heartbleed. But that was a big one at the time. And so different CA’s took different postures. Some of them revoked the certs. Some of them wouldn't accept those keys for new certs. Some of them did nothing and all that stuff kind of coexisted in the world for quite a long time. And even to the point where I said, even now, today, if you could cruise through all of the keys, all the public keys available anywhere on the internet and sift it out, you would still find some of these. Even now.
Jason SorokoJason SorokoWhen you talk about Linux distributions, there are some that are so niche, they're often in these wild and wooly places, but Debian – it’s like just everywhere. Everywhere. And it’s the basis of just so many other it is the parent of so many other distributions that a lot of people have even forgot Debian is the center of it. And it really is. So, anyway, just amazing just how ubiquitous it is.
Tim CallanTim CallanExactly. So, this was just a little past. This is probably going to be a short episode, because there's not new news or anything here. But it's good to remember these things, right. And it's good to remember if it could have happened in the past, it can happen now. And the lessons we learn then we best not forget. And this was a big deal at the time.
Jason SorokoJason SorokoIt certainly was. Like I say, if we were podcasting back then we definitely would have covered it. It would have been one of our bigger news items.
Tim CallanTim CallanBut if we were podcasting then we would have been major pioneers.
Jason SorokoJason SorokoThat is true. That is true. We just didn't happen to be working at the same company at the time.
Tim CallanTim CallanWe didn't know each other. But other than that, yes. But anyway, that's all. Just wanted to share that with the listeners in case we don't remember that. It's a good thing to have in your history of public certificates in SSL and their world and what went on.
Jason SorokoJason SorokoThere you go. Good reminder of things that have been in the past but have echoed so many times since.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!

Listen on Apple PodcastsListen on SpotifyListen on SoundCloud