Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread BALLABIO GERARDO
Peter Palfrader wrote:
> Due to the weakness in our openssl's random number generator (see the Debian Security Advisory #1571 from a few minutes ago[1]) that affects among other things ssh keys we have disabled public key auth on all project systems until further notice.
Hi all, if I understand

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread Richard Kettlewell
BALLABIO GERARDO [EMAIL PROTECTED] writes:
> if I understand correctly, the problem was that openssl used some segment of uninitialized memory as a source of entropy, and the offending patch cleared it.
This is not correct. Clearing tmpbuf before reading /dev/urandom is harmless. The broken

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread Steve Kemp
On Wed May 14, 2008 at 10:21:18 +0200, BALLABIO GERARDO wrote:
> If so, and if that was the ONLY entropy source used in generating keys, then upstream openssl is (and has always been) just as broken as the patched Debian package.
It wasn't.
Steve
--
Debian GNU/Linux System Administration

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread Miriam Ruiz
2008/5/14 BALLABIO GERARDO [EMAIL PROTECTED]:
> However I wonder, is the pristine behavior correct? As far as I know, it is NOT justified at all to rely on the assumption that uninitialized memory contains random data. I read that many architectures reset it to some magic number, e.g.,

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread David Härdeman
On Wed, May 14, 2008 10:21, BALLABIO GERARDO wrote:
> Peter Palfrader wrote:
>> Due to the weakness in our openssl's random number generator (see the Debian Security Advisory #1571 from a few minutes ago[1]) that affects among other things ssh keys we have disabled public key auth on all project

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread Ivan Jager
On Wed, 14 May 2008, David Härdeman wrote:
> If the entropy pool is properly coded, there is no negative effect of adding data which may or may not be truly random to the pool (i.e. you cannot degrade the quality of the pool no matter what you add). Therefore step b) might add some entropy or it

Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

2008-05-14 Thread Steinar H. Gunderson
On Wed, May 14, 2008 at 03:33:52PM -0400, Ivan Jager wrote:
> I think that might depend on how not truly random the data is. For example, suppose the pool is coded to simply xor the new entropy with the pool.
It's not -- it's hashed in using a cryptographic hash function.
/* Steinar */
--