Quantum key distribution based on arbitrarily-weak distillable entangled states

States with private correlations but little or no distillable entanglement were recently reported. Here, we consider the secure distribution of such states, i.e., the situation when an adversary gives two parties such states and they have to verify privacy. We present a protocol which enables the parties to extract from such untrusted states an arbitrarily long and secure key, even though the amount of distillable entanglement of the untrusted states can be arbitrarily small.