
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



On Wed, 14 May 2008, Nick Boyce wrote:
> This is the best explanation I've seen so far :
> http://it.slashdot.org/comments.pl?sid=551636&cid=23392602
>
> I have no idea if it's correct, but it sounds very plausible.

It is incorrect.  Close, but incorrect.

> If there was any mistake it may have been to try too hard to get a
> warning-free run from valgrind.

Especially when dealing with a badly signaled landmine zone like OpenSSL...

> As the /. post says, "Hats off to the reviewer who picked up on the
> problem".

Indeed.  Running millions of machines on what basically is a small set
of keys (in other words, brute-forceable) is no joke.  We will be
feeling the repercussions of this one for a few years.

It is probably worth a lot of effort to fully map the entire set of keys
the broken openssl could generate, and find a very fast way to check if
a key belongs to that set.  And add that to openssl upstream (to
automatically fail any verification done using such keys).

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
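
The "map the whole key set, then check membership fast" idea above, as an added illustration that is not from this thread or from OpenSSL: a constructed toy generator whose only entropy is a small seed (the real bug is not reproduced here), every key it can emit enumerated once into a sorted list of truncated fingerprints, and a logarithmic-time lookup against that list. `SEED_SPACE`, `weak_keygen` and the 80-bit SHA-1 fingerprint are assumptions of this example.

```python
import hashlib
import random
from bisect import bisect_left

# Constructed toy model: a generator whose randomness is fully determined by
# a seed drawn from a small space, so the key set can be enumerated exhaustively.
SEED_SPACE = range(1, 1 << 10)

def _is_prime(n):
    """Trial division; adequate for the 16-bit factors used in this toy."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True

def _random_prime(rng, bits):
    """Draw odd candidates with the top bit set until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(cand):
            return cand

def weak_keygen(seed, bits=32):
    """Toy RSA modulus whose value is fixed by `seed` alone (constructed, not OpenSSL)."""
    rng = random.Random(seed)
    p = _random_prime(rng, bits // 2)
    q = _random_prime(rng, bits // 2)
    return p * q

def fingerprint(modulus):
    """Key identifier: SHA-1 of the big-endian modulus bytes, truncated to 80 bits."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return hashlib.sha1(raw).digest()[:10]

def build_blacklist():
    """Enumerate every key the toy generator can emit; keep sorted fingerprints."""
    return sorted(fingerprint(weak_keygen(s)) for s in SEED_SPACE)

def is_blacklisted(modulus, blacklist):
    """O(log n) membership test of a candidate modulus against the sorted list."""
    fp = fingerprint(modulus)
    i = bisect_left(blacklist, fp)
    return i < len(blacklist) and blacklist[i] == fp
```

A verifier that rejects any key for which `is_blacklisted` returns True is the "automatically fail any verification" step the mail proposes; the enumeration cost is paid once, offline.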

