digg

Facebook Connect Join Digg About

Debian: Flaw in OpenSSL makes private keys predictable

lists.debian.org Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

Who dugg this?

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

5 Comments

show profanity settings
expand all
  • Cryoniq, on 05/14/2008, -0/+5Imagine how long it would existed if it wasn't open source etc.. that is even more fishy and scary. :)
  • FKnight, on 05/14/2008, -0/+3Imagine how much safer all of those hundreds of thousands of X509 certs created by Debian based CA's would be if you actually couldn't look at the bugged source code and use some math to crack all of those certs. I'm not saying open or closed source is better than the other, but this cuts both ways. Horrible bug either way that will cost some people a lot of money and time.
  • defconoi, on 05/14/2008, -1/+4sounds pretty fishy to me that this bug existed for 2 years
  • simpleboy, on 05/14/2008, -0/+1Well said!
  • oobuntu, on 05/14/2008, -1/+1apt-get upgrade on debian/ubuntu machines should give you a new openssl, ssh and libssl0.9.8
    luckily my openvpn server is centos. if this means what i think it does, i hope i wouldn't have to revoke and regenerate all keys again!

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.