Debian and OpenSSL: The Aftermath - for anyone who has doubts whether they need to recreate their keys: "However, rather than fix the calls to RAND_add(), the Debian maintainer instead removed the code that added the buffer handed to ssleay_rand_add() to the pool. This meant that the pool ended up with essentially no entropy. Clearly this was a very bad idea." - yes, "essentially no entropy" when generating keys is a really bad idea. Ouch.
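To make "essentially no entropy" concrete, here is a toy model added for illustration (not OpenSSL's or Debian's code) of a pool whose add function drops the caller's buffer, next to the intended behaviour. Assumptions of the model: an FNV-1a style mixer stands in for the real pool, the names `pool_add`, `toy_keygen` and `distinct_keys` are hypothetical, seeds are constructed, and the only input still reaching the pool in the dropped case is a 15-bit process ID.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PID_MAX 32768u   /* assumption: 15-bit process IDs */
#define SAMPLES 100000u  /* number of toy keys generated per run */

/* Toy pool: FNV-1a style mixing. Not OpenSSL's md_rand.c. */
static void mix(uint64_t *state, const void *buf, size_t n) {
    const unsigned char *b = buf;
    for (size_t i = 0; i < n; i++) { *state ^= b[i]; *state *= 1099511628211ULL; }
}

/* keep_buffer = 1: the caller's bytes reach the pool (intended behaviour).
 * keep_buffer = 0: models the removed code, the buffer is silently dropped. */
static void pool_add(uint64_t *state, const void *buf, size_t n, int keep_buffer) {
    if (keep_buffer) mix(state, buf, n);
}

/* Derive a toy 64-bit "key" from seed material plus the process ID. */
uint64_t toy_keygen(uint64_t seed, uint32_t pid, int keep_buffer) {
    uint64_t state = 14695981039346656037ULL;
    pool_add(&state, &seed, sizeof seed, keep_buffer);
    mix(&state, &pid, sizeof pid);   /* pid goes in on a separate path */
    return state;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Generate SAMPLES keys from distinct constructed seeds; count distinct keys. */
size_t distinct_keys(int keep_buffer) {
    uint64_t *keys = malloc(SAMPLES * sizeof *keys);
    if (!keys) return 0;
    for (uint32_t i = 0; i < SAMPLES; i++)   /* constructed seed: i * odd constant */
        keys[i] = toy_keygen(i * 0x9E3779B97F4A7C15ULL, i % PID_MAX, keep_buffer);
    qsort(keys, SAMPLES, sizeof *keys, cmp_u64);
    size_t n = 1;
    for (size_t i = 1; i < SAMPLES; i++) n += keys[i] != keys[i - 1];
    free(keys);
    return n;
}

int main(void) {
    printf("buffer mixed:   %zu distinct keys\n", distinct_keys(1));
    printf("buffer dropped: %zu distinct keys\n", distinct_keys(0));
    return 0;
}
```

With the buffer dropped, 100,000 key generations collapse to 32,768 distinct values no matter how good the seed material was, which is why keys made on an affected system have to be regenerated rather than audited one by one.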