Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)

To: Thijs Kinkhorst <thijs@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
From: Martin Uecker <muecker@gwdg.de>
Date: Thu, 15 May 2008 16:47:54 +0200
Message-id: <[🔎] 1210862874.27783.42.camel@localhost>
In-reply-to: <[🔎] 200805151520.12046.thijs@debian.org>
References: <[🔎] 1210853087.16247.13.camel@localhost> <[🔎] 200805151520.12046.thijs@debian.org>

Am Donnerstag, den 15.05.2008, 15:20 +0200 schrieb Thijs Kinkhorst:
> On Thursday 15 May 2008 14:04, Martin Uecker wrote:
> > If I understand this correctly, this means that not only should keys
> > generated with the broken ssl lib be considered compromised, but all
> > keys which were potentially used to create DSA signatures by those
> > broken libs.
> >
> > In this case, the security advisory should clearly be updated. 
> 
> The original advisory has this text:
> "Furthermore, all DSA keys ever used on affected Debian systems for signing or 
> authentication purposes should be considered compromised; the Digital 
> Signature Algorithm relies on a secret random value used during signature 
> generation."
> 
> I read there exactly the thing you describe above. What is your suggestion?

I missed this, sorry. The advisory for ssh does not include this
information. Is this not relevant for ssh for some reason?

To be clear, I have been quite impressed by the professional reaction to
this (and other) security problems. But it still would like to see some
more information here. (Which might already be in the works.)

> > And all advise about searching for weak keys should be removed as well,
> > because it leads to false sense of security. In fact, *all* keys used
> > on Debian machines should be considered compromised.
> 
> The reasoning above does not go for the more common RSA keys, so this advice 
> would not be appropriate I think.

Ok.

> > I also wonder, what will the Debian community change in their
> > processes to make such a security desaster less likely in the
> > future?
> 
> You mean less likely than once in 15 years? We're open to your suggestions.

Something as bad as this might be rare, still, if something can be
improved, it should.

Upstream complained about the extensive Debian patching. I think this
is a valid criticism.

For security sensitive packages, requiring changes to be signed-off
by a second person might be a good idea too.

Another problem I have argued about before, not directly related to this
incident, but IMHO another desaster waiting to happen: There is no
way to independetly validate that a debian binary package was
created from the corresponding source.

What bothers me too is the fact that the installer scripts of 
all packages have root permissions during installation. While
this might be hard to do, in principle I see no good reason
why installer scripts could not be limited to certain tasks.

Martin

Reply to:

Follow-Ups:
- Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
  - From: Thijs Kinkhorst <thijs@debian.org>
- Re: ssl security desaster
  - From: Tollef Fog Heen <tfheen@err.no>

References:
- ssl security desaster (was: Re: SSH keys: DSA vs RSA)
  - From: Martin Uecker <muecker@gwdg.de>
- Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
  - From: Thijs Kinkhorst <thijs@debian.org>

Prev by Date: Re: db.debian.org/password.html : Why ~/.ssh/id_dsa.pub to setup OpenSSH for RSA
Next by Date: Re: db.debian.org/password.html : Why ~/.ssh/id_dsa.pub to setup OpenSSH for RSA
Previous by thread: Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
Next by thread: Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
Index(es):
- Date
- Thread