« Pwnie Nominees Announced
Evolution is Punctuated Equilibria »

Crippling Crypto: The Debian OpenSSL Debacle

This weekend at The Last HOPE, Jacob Appelbaum, Karsten Nohl and I gave the following presentation on the Debian OpenSSL weak PRNG vulnerability.

In May 2008, a weakness in Debian was discovered which makes cryptographic keys predictable. A Debian-specific patch to OpenSSL broke the pseudo-random number generator two years ago, which led to guessable SSL and SSH keys. The vulnerability allows for impersonation of secure servers, as well as the potential to login to SSH secured systems. Since many popular derivatives like Ubuntu and Xandros are affected, the weak keys are found all over the Internet. The panel will present their approach to generating lists of weak keys using cloud computing and explain how they collected large numbers of SSL certificates of which several thousand are weak.

Presentation materials:

  • Slides
  • Forthcoming: Weak RSA keys
  • Forthcoming: Patch to ssldump to decrypt SSL traffic if the remote site has a weak RSA key and RSA key agreement is used

This entry was posted on July 21, 2008 at 3:51 pm and is filed under Conferences, Vulnerabilities . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

2 Responses to “Crippling Crypto: The Debian OpenSSL Debacle”

  1. 2501 Says:
    August 8, 2008 at 8:52 pm

    Does this affect Slackware/Zenwalk Linux users?

    Thanks. You have an awesome blog!!!

    -2501

  2. Dino Dai Zovi Says:
    August 21, 2008 at 9:01 pm

    @2501 This issue only affected Debian users and users of Debian-derived distributions such as Ubuntu and Xandros.

    -Dino

Leave a Reply