[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

Peter Palfrader wrote:
> Due to the weakness in our openssl's random number generator (see the
> Debian Security Advisory #1571 from a few minutes ago[1]) that affects
> among other things ssh keys we have disabled public key auth on all
> project systems until further notice.

Hi all,
if I understand correctly, the problem was that openssl used some
segment of uninitialized memory as a source of entropy, and the
offending patch cleared it. Reverting the patch obviously restored the
pristine behavior.

However I wonder, is the pristine behavior correct? As far as I know, it
is NOT justified at all to rely on the assumption that uninitialized
memory contains random data. I read that many architectures reset it to
some magic number, e.g., 0xdeadbeef. Is that correct?

If so, and if that was the ONLY entropy source used in generating keys,
then upstream openssl is (and has always been) just as broken as the
patched Debian package. While if it was only used in addition to other
sources, all this is probably a non-issue.

Someone more competent than me please investigate.


Reply to: