Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Wed, 14 May 2008 07:59:58 +0200, Yves-Alexis Perez wrote:
> On mar, 2008-05-13 at 23:39 -0300, Henrique de Moraes Holschuh wrote:
>>
>> It is probably worth a lot of effort to fully map the entire set of
>> keys
>> the broken openssl could generate, and find a very fast way to check if
>> a key belong to that set. And add that to openssl upstream (to
>> automatically fail any verification done using such keys).
>
> Ubuntu apparently made it. See http://www.ubuntu.com/usn/usn-612-2
Not quite... "Once the update is applied, weak user keys will be
automatically rejected where possible (though they cannot be detected in
all cases)."
I agree it would be neat if someone with a powerful machine could
generate all possible keys. I don't know how long that would take
however...
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
Reply to: