Phuctor Reveals 1 in ~2700 SSH-capable Machines On The Internet Still "Debianized"

Phuctor is a public service operated by S.NSA. It catalogues extant RSA public keys which are inexpensively breakable by any known means.

A short "trip down memory lane" is in order. From 2006 to 2008, Debian shipped with a sabotaged SSH key generator — which was capable of producing strictly 32768 distinct private keys of any given length.

According to Official Truth, this particular story ended in 2008, when the Debian "bug" was fixed. But in reality, a carefully-engineered boobytrap is truly a gift that keeps on giving.

Phuctor has been digesting SSH keys obtained from a scan of the complete IPv4 space since June of 2016. These have yielded, and continue to yield, breakable RSA moduli.

On Wednesday, November the 16th, factors from 168923 trivially-breakable "Debianized" RSA keys1 were added to Phuctor's database. This resulted in a discovery of 1366 distinct hits, distributed across 689 newly-broken RSA moduli. The count of RSA SSH keys (each found at a particular scanned IP, and not necessarily unique) present in Phuctor's database at the time was 2941798. The 689 moduli represented a set of 1074 IP addresses where a machine had responded to an SSH query.2

This leads us to an interesting conclusion: roughly 1 in 2700 SSH-capable machines in the IPv4 space is actively making use of a "Debianized" SSH key, even today; its traffic is effortlessly transparent to enemy eyes.

Peace in our time, shitgnomes!


  1. Many of these Linux boxes are likewise using a "Debianized" SSH key for remote login. And if you, the reader, can find and forensically-instrument such a machine, it may prove to be an excellent source of NSAware for the discerning entomologist.  

  2. Plus one other very peculiar key, appearing to belong to a USG provocateur organization called "Mayfirst". It seems to have started life as an SSH key, and is clearly Debianized, but it is not part of the set we converted to RFC4880 format for digestion in Phuctor. Instead, it had been gathered from SKS as part of Phuctor's original working set!  

2 thoughts on “Phuctor Reveals 1 in ~2700 SSH-capable Machines On The Internet Still "Debianized"

  1. Is the list of the vulnerable hosts (IP addresses) available somewhere?

    Or rather, I'm a bit curious as to whether there is significant overlap with the hosts in the "Hail Mary Cloud" (see the overview article at http://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html and the various links therein).

    • The list will continue to grow as we process the SSH public keys from the scan.

      At the time of this writing, all of the keys on the Phuctored page which mention "contact Framedragger" in the comments field, and have two listed factors (marked in red) that multiply back to the modulus itself (i.e. wholly-phucked), fall into the Debianized category. You can parse them out with a trivial script in the language of your choice.

Leave a Reply to Peter N. M. Hansteen Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>