Isn't the software that generated the key derivable from the key itself? Even if it doesn't tag the key explicitly, there's probably a fingerprint in the default allowed algorithms, etc.
If it's a fixed vulnerability, the keys would belong to a certain date range, etc.