In my previous blog post I wondered
I don’t know what the mathematical implications of having the last few bits of a private key are, but it can’t be good.
As it turns out, for DSA, quite bad.
In short, this pam_env symlink issue, in some cases, allows an attacker to lift enough private key data from a DSA key to make brute-forcing the rest feasible.
For all details, see my article.