WarGame’s Blog

The blacklists published by Debian and Ubuntu demonstrate just how small the key space is. When creating a new OpenSSH key, there are only 32,767 possible outcomes for a given architecture, key size, and key type. The reason is that the only “random” data being used by the PRNG is the ID of the process. In order to generate the actual keys that match these blacklists, we need a system containing the correct binaries for the target platform and a way to generate keys with a specific process ID.

You can never be sure!

More here

I have just created a small patch for the submit-file module of nepenthes, all you have to do is to patch the file submit-file.cpp:

wg_exe_patch.patch:

— submit-file_.cpp 2006-05-04 12:25:40.000000000 +0200
+++ submit-file.cpp 2008-05-13 18:52:54.000000000 +0200
@@ -98,7 +98,8 @@

void FileSubmitHandler::Submit(Download *down)
{
- string path = m_FilePath + down->getMD5Sum();
+ string exe = “.exe”;
+ string path = m_FilePath + down->getMD5Sum() + exe; // WarGame: add the .exe extension

struct stat s;
int32_t retval;

In few words it adds the ‘.exe’ extension to the samples, you will have (for example) 5534a558ff8e7491b671419439b34c0f.exe instead of 5534a558ff8e7491b671419439b34c0f.
Here the patch file