Re: Weird SSH attack last night and this morning (still ongoing)

On Fri, 16 May 2008 01:17:48 BST, Alex Howells said:

> > of possible keys, it would only generate one of some 2^18 keys, making the
> > brute forcing much easier (if you had a botnet of 10,000 bots, you could
> > break a weak key with an average of only 13 probes per bot, as opposed to
> > the several million year's worth of probes it should have taken).
>
> I'm somewhat curious where you get the 2**18 number, all reasonable
> analysis seems to conclude it is actually 2**15 -- although if you

I cheated and looked at the tester that got released, it had 2**18 - 4
keys it checked for (and a quick look at the 4 missing spots shows that those
would likely have been discarded as "weak" keys - stuff like all-zeros, etc).