OpenSSL vuln: Debian/Ubuntu
- From: jayjwa <jayjwa@xxxxxxxxxxxxxxxx>
- Date: Thu, 15 May 2008 05:48:27 -0400
The basic idea of it is Debian butchered their OpenSSL suite and it's been
turning out weak/breakable keys since OpenSSL versions starting with
0.9.8c-1. The SANS article focuses on OpenSSH, but it's really deeper.
The Debian page talks about OpenSSL.
http://isc.sans.org/diary.html?storyid=4414
"Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised; the
Digital Signature Algorithm relies on a secret random value used during
signature generation."
http://www.debian.org/security/2008/dsa-1571
"It is strongly recommended that all cryptographic key material which has
been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
systems is recreated from scratch. Furthermore, all DSA keys ever used on
affected Debian systems for signing or authentication purposes should be
considered compromised;"
--
[** America, the police state **]
Whoooose! What's that noise? Why, it's US citizens'
rights, going down the toilet with Bush flushing.
http://www.theregister.co.uk/2008/01/27/bush_nsa_internal/
http://www.wired.com/politics/security/news/2007/08/wiretap
http://www.hermes-press.com/police_state.htm
http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597
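
The advisories quoted above say DSA keys merely used on an affected system are compromised because DSA "relies on a secret random value used during signature generation". The following is an added example, not part of the original post or of either advisory, that works through that dependency on a toy DSA group. The parameters P, Q, G and all function names are constructed for illustration.

```python
# Added illustration: toy DSA showing why a guessable per-signature nonce k
# exposes the long-term private key x. All parameters are constructed values,
# far too small for real use.
import hashlib

P, Q, G = 23, 11, 4   # toy group: G has prime order Q modulo P


def digest(msg):
    """Hash the message and reduce it into the range [0, Q)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def public_key(x):
    """y = G^x mod P for a private key x in [1, Q-1]."""
    return pow(G, x, P)


def sign(msg, x, k):
    """DSA signature with an explicit nonce k (normally secret and random)."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("unusable nonce, a real signer would pick another k")
    return r, s


def verify(msg, sig, y):
    """Standard DSA verification against the public key y."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r


def key_from_known_nonce(msg, sig, k):
    """Solve s = k^-1 * (H(m) + x*r) mod Q for x once k is known."""
    r, s = sig
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q
```

The signature still verifies normally, so nothing on the wire reveals that the nonce was weak; this is why the advice covers DSA keys that were generated elsewhere but used for signing on an affected system.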