
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



On Tue, May 13, 2008 at 11:39:54PM -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 14 May 2008, Nick Boyce wrote:
> > This is the best explanation I've seen so far :
> > http://it.slashdot.org/comments.pl?sid=551636&cid=23392602
> >
> > I have no idea if it's correct, but it sounds very plausible.
> 
> It is incorrect.  Close, but incorrect.
> 
> > If there was any mistake it may have been to try too hard to get a  
> > warning-free run from valgrind.
> 
> Especially when dealing with a badly signaled landmine zone like OpenSSL...
> 
> > As the /. post says, "Hats off to the reviewer who picked up on the  
> > problem".
> 
> Indeed.  Running millions of machines on what basically is a small set
> of keys (in other words, brute-forceable) is no joke.  We will be
> feeling the repercussions of this one for a few years.
> 
> It is probably worth a lot of effort to fully map the entire set of keys
> the broken openssl could generate, and find a very fast way to check if
> a key belongs to that set.  And add that to openssl upstream (to
> automatically fail any verification done using such keys).
> 

So, just so I understand the possible issue here: the keys generated with
the bad openssl library come from a smaller set of possible keys, and a
brute force attack would take a lot less time than for keys generated from a
non-broken openssl library?

Is that right?

Or is it that the keys generated from the bad openssl library can be
worked out (i.e. given the public you could compute the private)?

Thanks 

> -- 
>   "One disk to rule them all, One disk to find them. One disk to bring
>   them all and in the darkness grind them. In the Land of Redmond
>   where the shadows lie." -- The Silicon Valley Tarot
>   Henrique Holschuh
> 

-- 
"There's been a act of war declared upon America by terrorists, and we will respond accordingly."

	- George W. Bush
09/15/2001
Camp David

Attachment: signature.asc
Description: Digital signature
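
The check proposed in the quoted message (map every key the broken generator can produce, then quickly test whether a given key belongs to that set), sketched as an added example that is not part of this thread and is not OpenSSL or Debian code. The seed-space size, the toy key scheme and all function names are assumptions for illustration only.

```python
import hashlib
import random
import secrets

# Toy parameters, all assumed for illustration (not OpenSSL's real values).
SEED_SPACE = 2 ** 15      # assumed number of distinct seeds the broken PRNG can take
P = 2 ** 127 - 1          # prime modulus for a toy discrete-log style public key
G = 3


def toy_keygen(seed):
    """Derive a (private, public) pair from a PRNG whose only entropy is `seed`."""
    rng = random.Random(seed)            # deterministic: same seed, same key pair
    private = rng.getrandbits(126) | 1
    return private, pow(G, private, P)


def fingerprint(public):
    """Truncated SHA-256 of the public value; needs nothing but public data."""
    return hashlib.sha256(public.to_bytes(16, "big")).digest()[:10]


def build_blocklist():
    """Enumerate every possible seed once and record each key's fingerprint."""
    return {fingerprint(toy_keygen(seed)[1]) for seed in range(SEED_SPACE)}


# Built once; after that every check is an O(1) average-case set lookup.
BLOCKLIST = build_blocklist()


def is_weak(public):
    """True if this public key is one the seed-starved generator can emit."""
    return fingerprint(public) in BLOCKLIST


def healthy_keygen():
    """Same toy key scheme, but the private value comes from the OS CSPRNG."""
    private = secrets.randbits(126) | 1
    return private, pow(G, private, P)


if __name__ == "__main__":
    print("blocklist entries:", len(BLOCKLIST))
    print("seed 4242 flagged:", is_weak(toy_keygen(4242)[1]))
    print("healthy key flagged:", is_weak(healthy_keygen()[1]))
```

A verifier that calls `is_weak` before trusting a key can refuse every key from the affected generator while keys generated with proper entropy pass.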