[sf-lug] For all those running Debian or derivatives like Ubuntu

Tom Haddon tom at greenleaftech.net
Tue May 13 11:02:04 PDT 2008


On Tue, 2008-05-13 at 10:47 -0700, Kristian Erik Hermansen wrote:
> Some people are probably having an "oh shit" moment.  However, I
> presume that the random seed would need to have been captured in
> real-time while you were creating your encryption keys?  I haven't
> looked into it in depth, but I'll keep my ears open for new
> developments...interesting

Unfortunately not:

"Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable."

In other words, any key created during the time this vulnerability was
in place should be replaced.

Thanks, Tom

> 
> 
> 
> On 5/13/08, Ernest De Leon <edeleonjr at gmail.com> wrote:
> > http://www.smbtechadvice.com/2008/05/debian-security-advisory-openssl.html
> >
> >
> > --
> > Ernest de Leon
> > http://www.smbtechadvice.com
> >
> > "They who can give up essential liberty to obtain a little temporary safety
> > deserve neither liberty nor safety." - A common 18th Century sentiment
> > voiced by Benjamin Franklin
> >
> > "A patriot must always be ready to defend his country against his
> > government." - Edward Abbey
> >
> > "All that is necessary for evil to triumph is for good men to do nothing." -
> > Edmund Burke, English statesman and political philosopher (1729-1797)
> >
> 
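
Added example, not part of the original thread: a toy model of why no real-time capture of the seed is needed, using the publicly documented background (not stated in the messages above) that the flawed change left the process ID as essentially the only varying input to the generator. The names `toy_keygen`, `fingerprint`, `build_blocklist` and `is_weak` are hypothetical, the "key" is a stand-in byte string rather than a real OpenSSL key, and `PID_MAX` assumes the default Linux limit; the point is that the full set of possible keys can be enumerated afterwards and existing keys checked against it.

```python
import hashlib
import random
import secrets

PID_MAX = 32768  # assumption: default Linux pid_max, not stated in the thread


def toy_keygen(pid: int) -> bytes:
    """Hypothetical stand-in for key generation seeded only by the process ID."""
    rng = random.Random(pid)  # same pid always yields the same "key"
    return rng.getrandbits(256).to_bytes(32, "big")


def fingerprint(key: bytes) -> str:
    """Short identifier for a key, as a blocklist would store it."""
    return hashlib.sha256(key).hexdigest()[:32]


def build_blocklist() -> set:
    """Enumerate every key the weak generator can ever produce."""
    return {fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX)}


def is_weak(key: bytes, blocklist: set) -> bool:
    """True if the key is one of the enumerable outputs and must be replaced."""
    return fingerprint(key) in blocklist


if __name__ == "__main__":
    blocklist = build_blocklist()
    old_key = toy_keygen(4242)            # constructed: made long ago, PID never observed
    fresh_key = secrets.token_bytes(32)   # constructed: made with a working CSPRNG
    print(len(blocklist), "possible weak keys")
    print("old key weak:", is_weak(old_key, blocklist))
    print("fresh key weak:", is_weak(fresh_key, blocklist))
```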
