A short "trip down memory lane" is in order. From 2006 to 2008, Debian shipped with a sabotaged SSH key generator — which was capable of producing strictly 32768 distinct private keys of any given length.
According to Official Truth, this particular story ended in 2008, when the Debian "bug" was fixed. But in reality, a carefully-engineered boobytrap is truly a gift that keeps on giving.
Phuctor has been digesting SSH keys obtained from a scan of the complete IPv4 space since June of 2016. These have yielded, and continue to yield, breakable RSA moduli.
On Wednesday, November the 16th, factors from 168923 trivially-breakable "Debianized" RSA keys1 were added to Phuctor's database. This resulted in a discovery of 1366 distinct hits, distributed across 689 newly-broken RSA moduli. The count of RSA SSH keys (each found at a particular scanned IP, and not necessarily unique) present in Phuctor's database at the time was 2941798. The 689 moduli represented a set of 1074 IP addresses where a machine had responded to an SSH query.2
This leads us to an interesting conclusion: roughly 1 in 2700 SSH-capable machines in the IPv4 space is actively making use of a "Debianized" SSH key, even today; its traffic is effortlessly transparent to enemy eyes.
Peace in our time, shitgnomes!
Many of these Linux boxes are likewise using a "Debianized" SSH key for remote login. And if you, the reader, can find and forensically-instrument such a machine, it may prove to be an excellent source of NSAware for the discerning entomologist. ↩
Plus one other very peculiar key, appearing to belong to a USG provocateur organization called "Mayfirst". It seems to have started life as an SSH key, and is clearly Debianized, but it is not part of the set we converted to RFC4880 format for digestion in Phuctor. Instead, it had been gathered from SKS as part of Phuctor's original working set! ↩