Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Andrew McGlashan [EMAIL PROTECTED] wrote:
> Hi,
>
> Florian Weimer wrote:
> > Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.
>
> So does this mean that all keys shown with apt-key list are okay? If not, then these need to be addressed too.

These are gpg-keys.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
The Ubuntu openssl maintainers released an openssl-blacklist equivalent to the openssh-blacklist package. It includes a blacklist with compromised openssl key hashes and a program with an openssl-vulnkey program suitable to test your openssl key files.

I think it would be a good thing to coordinate the work between debian and ubuntu and to incorporate this package into debian main.

I am not sure how to include this into a security update and how to make the users check all their keys.

It would be nice to have at least a warning from libssl if a compromised key is used. The securest way would be to disable the keys like openssh.

What do you think?

Christoph

--
Christoph Martin, Head of Administration IT, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Phone: +49-6131-3926337 Fax: +49-6131-3922856
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi Alberto,

Alberto Gonzalez Iniesta wrote:
> On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote:
> > The Ubuntu openssl maintainers released an openssl-blacklist equivalent to the openssh-blacklist package. It includes a blacklist with compromised openssl key hashes and a program with an openssl-vulnkey program suitable to test your openssl key files. I think it would be a good thing to coordinate the work between debian and ubuntu and to incorporate this package into debian main.
>
> The coordination has already started and the package will be in Debian soon.

I am somewhat irritated. Who is building the package and who is coordinating with whom? I am on the [EMAIL PROTECTED] list (and one of the Maintainers of Debian openssl) and did not get any message about this.

So please coordinate with the Debian openssl maintainers.

Christoph

--
Christoph Martin, Head of Administration IT, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Phone: +49-6131-3926337 Fax: +49-6131-3922856
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 20, 2008 at 04:48:43PM +0200, Christoph Martin wrote:
> Hi Alberto,
>
> Alberto Gonzalez Iniesta wrote:
> > On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote:
> > > The Ubuntu openssl maintainers released an openssl-blacklist equivalent to the openssh-blacklist package. It includes a blacklist with compromised openssl key hashes and a program with an openssl-vulnkey program suitable to test your openssl key files. I think it would be a good thing to coordinate the work between debian and ubuntu and to incorporate this package into debian main.
> >
> > The coordination has already started and the package will be in Debian soon.
>
> I am somewhat irritated. Who is building the package and who is coordinating with whom? I am on the [EMAIL PROTECTED] list (and one of the Maintainers of Debian openssl) and did not get any message about this. So please coordinate with the Debian openssl maintainers.

The package is being built by its original author (Jamie) and everything got started when the OpenVPN maintainer (me) decided to add secret/key file validation like the one on the Ubuntu package. Since those validations required open(ssl|vpn)-blacklist packages, I contacted Jamie and Kees from Ubuntu and Debian's Security Team.

--
Alberto Gonzalez Iniesta     | Training, consulting and technical support
agi@(inittab.org|debian.org) | in GNU/Linux and free software
Encrypted mail preferred     | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi Alberto,

Alberto Gonzalez Iniesta wrote:
> The package is being built by its original author (Jamie) and everything got started when the OpenVPN maintainer (me) decided to add secret/key file validation like the one on the Ubuntu package. Since those validations required open(ssl|vpn)-blacklist packages, I contacted Jamie and Kees from Ubuntu and Debian's Security Team.

So, you are building openvpn-blacklist and openssl-blacklist for Debian? If you are also building openssl-blacklist, please cc all messages about it to [EMAIL PROTECTED], so that we have a chance to participate.

It would have been nice to hear earlier from you, because I am just in the process of building an openssl-blacklist package myself too. I did an ITP and wanted to upload the package to unstable soon. At the moment it is just the ubuntu package with the depends and maintainer changed. It only includes the 1024 and 2048 RSA keys.

The goal should be to have eventually a package containing all the vulnerable key hashes up to 4096bits and with the variations which come in if you are on 32bit or 64bit, little or big endian, if you have .rnd or not, etc.

Christoph

--
Christoph Martin, Head of Administration IT, Uni-Mainz, Germany
Internet-Mail: [EMAIL PROTECTED]
Phone: +49-6131-3926337 Fax: +49-6131-3922856
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi Christoph,

On Tue, May 20, 2008 at 05:56:56PM +0200, Christoph Martin wrote:
> Alberto Gonzalez Iniesta wrote:
> > The package is being built by its original author (Jamie) and everything got started when the OpenVPN maintainer (me) decided to add secret/key file validation like the one on the Ubuntu package. Since those validations required open(ssl|vpn)-blacklist packages, I contacted Jamie and Kees from Ubuntu and Debian's Security Team.
>
> So, you are building openvpn-blacklist and openssl-blacklist for Debian? If you are also building openssl-blacklist, please cc all messages about it to [EMAIL PROTECTED], so that we have a chance to participate.

Hi! Yes, I was intending to do an upload -- sorry for the lack of coordination. Things have been rather hectic. Jamie Strandboge has updates to the scripts and the blacklists (which we are publishing to Ubuntu stable security updates shortly).

> It would have been nice to hear earlier from you, because I am just in the process of building an openssl-blacklist package myself too. I did an ITP and wanted to upload the package to unstable soon. At the moment it is just the ubuntu package with the depends and maintainer changed. It only includes the 1024 and 2048 RSA keys. The goal should be to have eventually a package containing all the vulnerable key hashes up to 4096bits and with the variations which come in if you are on 32bit or 64bit, little or big endian, if you have .rnd or not, etc.

Certainly. I'd like to split openssl-blacklist binary package (default key sizes) from openssl-blacklist-extra (uncommon key sizes), as has been done in openssh-blacklist.

Is there already a svn for openssl-blacklist? If I could be added to that project ('keescook-guest' on alioth) and the Uploaders list, I'd be happy to help with the package, and help get Jamie's changes into Debian.

Thanks,
-Kees

--
Kees Cook
Ubuntu Security Team
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi,

you wrote:
> (...)
> A detector for known weak key material will be published at:
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature)
> (...)

Thank you for providing a perl script to check for vulnerable keys! That was very helpful especially for non debian systems where the fingerprints of vulnerable keys might hide in some authorized_keys files.

Unfortunately, 4096 bit RSA keys have been used quite often and we are asked by sites how to check for these, too. Could you add the fingerprints of the keys offered on metasploit.com to dowkd.pl so at least those are checked?

The 4096 bit RSA keys are on the site and the few I tested are indeed of the vulnerable set:
http://metasploit.com/users/hdm/tools/debian-openssl/

Regards,
Andreas

--
Andreas Bunten (CSIRT), +49 40 808077-555
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatic warning messages: https://www.cert.dfn.de/autowarn
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On May 17, 2008, at 1:34 PM, Matteo Vescovi wrote:
> > are there updates for this issue for old stable - sarge?
>
> It was said sarge is not affected,

Bear in mind that you still want blacklist support for the various tools, not just for the known_hosts and authorized_keys; but also for people who move their identity files around, generate the web/mail server's their x509 cert (request) on a laptop/off-line prior to moving it onto the server and so on*.

Dw.

*: I found about a 1 to 3901 ratio between affected and non-affected keys out of about 50k ssh-keys and 21k x509's (using the not yet complete lists!) in an environment which is virtually only Windows, MacOSX and FreeBSD. I think it is reasonable to assume that this is fairly common - hence you want these blacklist tools on a wider range of platforms/OS-es.
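The kind of check raised in the two messages above (fingerprints of weak keys sitting in authorized_keys and known_hosts files on any platform, and blacklists that cover only some key sizes), as an added example that is not part of any message in this thread and is not the code of dowkd.pl or openssl-vulnkey. It assumes a blacklist supplied as a set of full MD5 fingerprints; the sample keys and the single blacklist entry are constructed, and names such as `scan` and `build_sample` are hypothetical.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def read_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def parse_key_line(line):
    """Locate the key in an authorized_keys or known_hosts style line.

    Options or host names may precede the key type, so each token is tried
    and accepted only if the blob after it names the same key type.
    """
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            fields = read_fields(blob)
        except ValueError:  # binascii.Error (bad base64) is a ValueError too
            continue
        if len(fields) >= 3 and fields[0] == tok.encode():
            return tok, blob, fields
    return None

def key_bits(fields):
    """Bit length of the RSA modulus n (field 2) or the DSA prime p (field 1)."""
    number = fields[2] if fields[0] == b"ssh-rsa" else fields[1]
    return int.from_bytes(number, "big").bit_length()

def fingerprint(blob):
    """Colon-separated MD5 fingerprint of the key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def scan(text, blacklist, covered):
    """Return (line number, key type, bits, fingerprint, verdict) per key.

    blacklist: set of fingerprints (assumed format, not a real package's).
    covered: set of (key type, bits) pairs the blacklist was generated for.
    """
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        parsed = parse_key_line(line)
        if parsed is None:
            continue
        key_type, blob, fields = parsed
        bits, fp = key_bits(fields), fingerprint(blob)
        if fp in blacklist:
            verdict = "WEAK"
        elif (key_type, bits) in covered:
            verdict = "not listed"
        else:
            verdict = "unchecked"  # absence from the list proves nothing here
        results.append((lineno, key_type, bits, fp, verdict))
    return results

def _field(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    # One spare byte keeps the number positive when its top bit is set.
    return _field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def make_sample_key(bits, tweak):
    """Constructed ssh-rsa blob with a made-up modulus; not a usable key."""
    blob = _field(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | tweak)
    return blob, base64.b64encode(blob).decode()

def build_sample():
    """Constructed input: three key lines and a one-entry blacklist."""
    weak_blob, weak = make_sample_key(1024, 0x1571)
    _, clean = make_sample_key(2048, 0x0166)
    _, large = make_sample_key(4096, 0x2008)
    text = "\n".join([
        "# constructed sample lines",
        'command="/usr/bin/rsync --server",no-pty ssh-rsa %s backup@laptop' % weak,
        "ssh-rsa %s admin@workstation" % clean,
        "host.example.org,192.0.2.10 ssh-rsa %s" % large,
    ])
    return text, {fingerprint(weak_blob)}

if __name__ == "__main__":
    sample_text, sample_blacklist = build_sample()
    covered = {("ssh-rsa", 1024), ("ssh-rsa", 2048)}
    for row in scan(sample_text, sample_blacklist, covered):
        print(row)
```

The "unchecked" verdict is the point of the 4096 bit question: a key whose size the blacklist was never generated for cannot be cleared by a lookup miss.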
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On 05/17/2008 12:55 PM, Dimitar Dobrev wrote:
> Hi group, are there updates for this issue for old stable - sarge?

It was said sarge is not affected, iirc.

Greetings,
mfv

--
Matteo F. Vescovi
System Administrator
Studio Vescovi Progettazioni
GPG Fingerprint: 8EF0 F019 80D1 96BF C9C6 387E D6DE 031F 991F 9D2D
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Dimitar Dobrev [EMAIL PROTECTED] wrote:
> Hi group, are there updates for this issue for old stable - sarge?

You should read what you quote:

> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable distribution on 2006-09-17, and has since propagated to the testing and current stable (etch) distributions. The old stable distribution
> ^^^
> (sarge) is not affected
> ^^

Regards
Jens
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi,

On Sat, May 17, 2008 at 12:55 PM, Dimitar Dobrev [EMAIL PROTECTED] wrote:
> Hi group, are there updates for this issue for old stable - sarge?

The first vulnerable version, 0.9.8c-1, was uploaded to the unstable distribution on 2006-09-17, and has since propagated to the testing and current stable (etch) distributions. The old stable distribution (sarge) is not affected.

hth
martin

--
http://www.xing.com/profile/Martin_Marcher

You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi Dimitar,

* Dimitar Dobrev [EMAIL PROTECTED] [2008-05-17 13:48]:
> are there updates for this issue for old stable - sarge?

sarge is not affected and besides that the security support for sarge ended quite some time ago.

cheers
nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Henrique de Moraes Holschuh:
> > It's not so much a time issue, it's a question of storage (or getting that data to the OpenSSH server). A networked service would be feasible, but it would also allow some sort of traffic analysis.
>
> I did mean putting a lot of brain grease on it. Math might shorten the need for a monstrous lookup table quite a bit, since randomness is not an issue anymore.

Yes, good point. However, some cryptographic hashing is still involved, so this might be a rather difficult thing to do.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
OoO On this cloudy early afternoon of Saturday 17 May 2008, around 14:15, Nico Golde [EMAIL PROTECTED] said:
> > are there updates for this issue for old stable - sarge?
>
> sarge is not affected

I suppose that people may still be interested in blacklist support.

> and besides that the security support for sarge ended quite some time ago.

This is a valid reason.

--
You won't censor the censors with censorship.
-+- JL in GNU: Alas, censors for the scaffold -+-
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hi Vincent,

* Vincent Bernat [EMAIL PROTECTED] [2008-05-17 21:12]:
> OoO On this cloudy early afternoon of Saturday 17 May 2008, around 14:15, Nico Golde [EMAIL PROTECTED] said:
> > > are there updates for this issue for old stable - sarge?
> >
> > sarge is not affected
>
> I suppose that people may still be interested in blacklist support.
[...]

Well, you replied to the openssl DSA...

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, 2008-05-13 at 23:39 -0300, Henrique de Moraes Holschuh wrote:
> It is probably worth a lot of effort to fully map the entire set of keys the broken openssl could generate, and find a very fast way to check if a key belongs to that set. And add that to openssl upstream (to automatically fail any verification done using such keys).

Ubuntu apparently made it. See http://www.ubuntu.com/usn/usn-612-2

--
Yves-Alexis
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tuesday, 13 May 2008, Vincent Bernat wrote:
> - As a maintainer of a package that have generated certificates using OpenSSL, how should we handle the issue?

I'm in the same situation (maintaining openswan and strongswan, and both packages may automatically create X.509 certificates in postinst).

> For the last question, I see several solutions:
> - a helper package will be provided and each package should register key locations (in a bug report against the package for example); those keys will be checked and the user will be warned about weak keys. Moreover, each package will generate a short help message explaining how to regenerate keys. This helper package will be shipped in security and uploaded with a libssl depending on it

I agree that this would be the best (i.e. quickest) solution to the problem. The updated libssl should pull in a fixer package that can recognize broken keys and - based on debconf questions - automatically re-create these keys, warning the user of potential breakage (i.e. the need to redistribute the new public key). This whole issue is _very_ bad for Debian, so we need to make it as simple and painless as possible to fix it on individual machines.

For reference, openswan and strongswan can re-create their automatically generated keys with (if these files exist, as there are other ways of authentication as well):

    rm /etc/ipsec.d/private/`hostname`Key.pem /etc/ipsec.d/certs/`hostname`Cert.pem
    dpkg-reconfigure (open|strong)swan
    /etc/init.d/ipsec restart

(where the last command terminates currently open IPSec connections, which may need to be restarted from the other end...).

This seems similar enough to how openssh-server, as suggested by Dererk:

    rm /etc/ssh/ssh_host_*
    dpkg-reconfigure openssh-server
    /etc/init.d/ssh restart

(where the last command should not influence currently open SSH connections).
Each package that auto-generates keypairs with libssl should provide commands like these along with a short description of how this re-creation affects users. The detection script should of course be called before automatically removing weak keys - but if and only if it is 100% accurate in identifying them!

The same detection script should also be run on all known key locations where user-generated keys may be stored. For open/strongswan, the respective directories are /etc/ipsec.d/private, /etc/ipsec.d/certs, and /etc/ipsec.d/cacerts, similar to the openssl directories /etc/ssl/private, /etc/ssl/certs, and /etc/ssl/cacerts (the latter may not exist). open/strongswan may also use /etc/ipsec.d/*certs, but not automatically based on maintainer scripts. Other packages will most certainly also have well-known directories that may contain user-generated keys (such as ~/.ssh/).

Who is currently responsible for updating the (currently empty) http://www.debian.org/security/key-rollover/? Please add these instructions for openssh and (open|strong)swan as soon as possible. http://www.ubuntu.com/usn/usn-612-2 contains a nice text which may be used as the basis for how to deal with openssh keys.

Maybe I haven't understood the DSA correctly, but is it currently known if both private/public and secret keys are affected, and which schemes (DH, RSA, DSA, EC, etc.)? If even DH is affected, then e.g. also ZRTP and other key continuity based approaches may also need to discard their broken key material. More details would help in determining the potential effects of this serious vulnerability and in decreasing breakage due to rollover. I.e. the detection script should be as specific as possible. Re-creating keys can be a great pain for users, and we should therefore be careful not to discard good keys. However, the priority must be on replacing _all_ broken ones, in favor of discarding a few good ones.
PS: Unfortunately, I'll be off to a conference on the other side of the world by tomorrow morning, so I won't have any connectivity in the next roughly 3 days and thus can't help with fixing open/strongswan keys at the moment. I hope the text above contains everything necessary to create a fixer package and ship it with the libssl update via security.

best regards,
Rene

--
Gibraltar firewall http://www.gibraltar.at/
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Wednesday, 14.05.2008, 09:35 +0200, Rene Mayrhofer wrote:
> rm /etc/ssh/ssh_host_*
> dpkg-reconfigure openssh-server
> /etc/init.d/ssh restart

FWIW, the dpkg-reconfigure openssh-server does the restart implicitly, you don't need to explicitly do a restart afterwards, again.

> Who is currently responsible for updating the (currently empty) http://www.debian.org/security/key-rollover/? Please add these instructions for openssh and (open|strong)swan as soon as possible.

I've asked several times on #debian-security about what to add to there, a question to [EMAIL PROTECTED] got unanswered so far, too. I would be fine to add any information, I just don't like linking to a wiki page[1] for security related information unless explicitly told that that's the only way to go - it just feels wrong. No one said that converting that wiki page to the website would be the right thing to do, either.

So long,
Rhonda

[1] http://wiki.debian.org/SSLkeys

P.S.: Sorry to the people that are in Cc and might receive that in double, I am not sure whom or what lists should be removed here like I usually do.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Wed, 14 May 2008 07:59:58 +0200, Yves-Alexis Perez wrote:
> On Tue, 2008-05-13 at 23:39 -0300, Henrique de Moraes Holschuh wrote:
> > It is probably worth a lot of effort to fully map the entire set of keys the broken openssl could generate, and find a very fast way to check if a key belongs to that set. And add that to openssl upstream (to automatically fail any verification done using such keys).
>
> Ubuntu apparently made it. See http://www.ubuntu.com/usn/usn-612-2

Not quite...

Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases).

I agree it would be neat if someone with a powerful machine could generate all possible keys. I don't know how long that would take however...

--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Sam Morris:
> I agree it would be neat if someone with a powerful machine could generate all possible keys. I don't know how long that would take however...

It's not so much a time issue, it's a question of storage (or getting that data to the OpenSSH server). A networked service would be feasible, but it would also allow some sort of traffic analysis.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Wed, 14 May 2008, Sam Morris wrote:
> Not quite... Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases). I agree it would be neat if someone with a powerful machine could generate all possible keys. I don't know how long that would take however...

Someone did it: http://metasploit.com/users/hdm/tools/debian-openssl/
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Wed, 14 May 2008, Florian Weimer wrote:
> > I agree it would be neat if someone with a powerful machine could generate all possible keys. I don't know how long that would take however...
>
> It's not so much a time issue, it's a question of storage (or getting that data to the OpenSSH server). A networked service would be feasible, but it would also allow some sort of traffic analysis.

I did mean putting a lot of brain grease on it. Math might shorten the need for a monstrous lookup table quite a bit, since randomness is not an issue anymore.

Or it might not. I am not qualified or skilled on the math needed for such analysis to really know.

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
> A detector for known weak key material will be published at:
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature)

On stable I get

    close is not a valid DB_File macro at /home/pkern/dowkd.pl line 51.

Kind regards,
Philipp Kern

--
Philipp Kern, Debian Developer, Debian Release Assistant
http://philkern.de
xmpp:[EMAIL PROTECTED]
finger pkern/[EMAIL PROTECTED]
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
> It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch.

Does openssh store the generation date in the SSH keypair? If so, then could some guru post a way to retrieve that?

--
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On 13/05/2008, Stephane Bortzmeyer wrote:
> By the way, the page http://www.debian.org/security/cve-compatibility has a link http://security-tracker.debian.org/, labeled "The Debian Security Tracker has the canonical list of CVE names, corresponding Debian packages", and this link is broken: there is no security-tracker.debian.org.

Just in case you don't know about it yet, try .net.

Mraw,
KiBi.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Dominic Hargreaves:
> On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
> > http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature)
>
> This URL 404s (but the tool URL doesn't... possibly encouraging bad practice in running unverified code)

Yeah, sorry about that. There used to be a .sig, though. Should be fixed now.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Marcin Owsiany:
> On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
> > It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch.
>
> Does openssh store the generation date in the SSH keypair?

As far as I can tell, it doesn't. There is only the file date as an indicator, which is pretty weak.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
very bad news

On Tue, 13 May 2008 14:06:39 +0200, Florian Weimer [EMAIL PROTECTED] wrote:
> Debian Security Advisory DSA-1571-1    [EMAIL PROTECTED]
> http://www.debian.org/security/    Florian Weimer
> May 13, 2008    http://www.debian.org/security/faq
>
> Package        : openssl
> Vulnerability  : predictable random number generator
> Problem type   : remote
> Debian-specific: yes
> CVE Id(s)      : CVE-2008-0166
>
> Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.
>
> This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
>
> It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
>
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable distribution on 2006-09-17, and has since propagated to the testing and current stable (etch) distributions. The old stable distribution (sarge) is not affected.
>
> Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.
> A detector for known weak key material will be published at:
>
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature)
>
> Instructions how to implement key rollover for various packages will be published at:
>
> http://www.debian.org/security/key-rollover/
>
> This web site will be continuously updated to reflect new and updated instructions on key rollovers for packages using SSL certificates. Popular packages not affected will also be listed.
>
> In addition to this critical change, two other vulnerabilities have been fixed in the openssl package which were originally scheduled for release with the next etch point release: OpenSSL's DTLS (Datagram TLS, basically SSL over UDP) implementation did not actually implement the DTLS specification, but a potentially much weaker protocol, and contained a vulnerability permitting arbitrary code execution (CVE-2007-4995). A side channel attack in the integer multiplication routines is also addressed (CVE-2007-3108).
>
> For the stable distribution (etch), these problems have been fixed in version 0.9.8c-4etch3.
>
> For the unstable distribution (sid) and the testing distribution (lenny), these problems have been fixed in version 0.9.8g-9.
>
> We recommend that you upgrade your openssl package and subsequently regenerate any cryptographic material, as outlined above.
>
> Upgrade instructions
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the footer to the proper configuration.
> Debian GNU/Linux 4.0 alias etch
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tuesday 13 of May 2008, Dominic Hargreaves wrote: On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature) This URL 404s (but the tool URL doesn't... possibly encouraging bad practice in running unverified code) It seems to be another typo. Correct URL is apparently this: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.sig Instructions how to implement key rollover for various packages will be published at: http://www.debian.org/security/key-rollover/ This URL 404s too. They state it WILL be published, but didn't say when... Thanks for your efforts on this issue so far - obviously a bit of a nightmare. Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- Regards, Vladislav Kurz === WebStep, s.r.o. (Ltd.) = a step to the Web === address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711 === www.webstep.net === [EMAIL PROTECTED] ===
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tuesday, 13.05.2008, at 16:02 +0200, Daniel Leidert wrote: On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote: On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote: A detector for known weak key material will be published at: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature) On stable I get close is not a valid DB_File macro at /home/pkern/dowkd.pl line 51. $ ./dowkd.pl help close is not a valid DB_File macro at ./dowkd.pl line 51 Well, something is broken (sid here). It was dowkd.db, which I broke. Forget my comment. Regards, Daniel
Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 03:44:24PM +0200, Cyril Brulebois [EMAIL PROTECTED] wrote a message of 31 lines which said: By the way, the page http://www.debian.org/security/cve-compatibility has a link http://security-tracker.debian.org/, labeled The Debian Security Tracker has the canonical list of CVE names, corresponding Debian packages, and this link is broken: there is no security-tracker.debian.org. Just in case you don't know about it yet, try .net. Nice and useful but the Web page should be fixed, anyway.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 04:17:03PM +0200, Florian Weimer wrote: The $db->close call is wrong, you can just remove it, or download the new version (where this should be fixed). Works now, thanks. Kind regards, Philipp Kern -- Philipp Kern, Debian Developer, Debian Release Assistant, http://philkern.de xmpp:[EMAIL PROTECTED] finger pkern/[EMAIL PROTECTED]
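As an added example (not dowkd itself, and not code from the advisory or from Debian): one way a detector for known weak key material can work, assuming it compares the MD5 fingerprint of each OpenSSH public-key blob against a list of fingerprints of known weak keys. The keys and the blacklist entry below are constructed, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

# key type -> (number of fields in the blob, index of the field giving the key size)
LAYOUT = {"ssh-rsa": (3, 2), "ssh-dss": (5, 1)}


def ssh_string(value):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(value)) + value


def ssh_mpint(n):
    """SSH wire 'mpint' for a positive integer; the spare bit keeps it non-negative."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_strings(blob):
    """Split a key blob into its length-prefixed fields; ValueError if truncated."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def fingerprint(line):
    """Return (key_type, bits, md5_hex) for a public-key line, or None."""
    tokens = line.split()
    # Scan for the key type so authorized_keys options or known_hosts names may precede it.
    for i, token in enumerate(tokens[:-1]):
        if token not in LAYOUT:
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            fields = read_strings(blob)
        except ValueError:  # binascii.Error is a ValueError subclass
            return None
        count, size_index = LAYOUT[token]
        if len(fields) != count or fields[0] != token.encode():
            return None
        bits = int.from_bytes(fields[size_index], "big").bit_length()
        return token, bits, hashlib.md5(blob).hexdigest()
    return None


def scan(lines, blacklist):
    """Classify each non-comment line as 'weak', 'ok' or 'unparseable'."""
    results = []
    for number, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = fingerprint(line)
        verdict = "unparseable" if parsed is None else (
            "weak" if parsed[2] in blacklist else "ok")
        results.append((number, verdict))
    return results


def rsa_line(n, comment, options=""):
    """Build a constructed ssh-rsa public-key line for modulus n."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(n)
    return f"{options}ssh-rsa {base64.b64encode(blob).decode()} {comment}"


# Constructed sample data: these integers are not real RSA moduli.
SAMPLE = [
    "# authorized_keys (constructed)",
    rsa_line((1 << 1023) | 0x1571, "old@etch"),
    rsa_line((1 << 2047) | 0x2008, "new@etch", options='from="10.0.0.0/8" '),
    "ssh-rsa AAAAB3NzaC1yc2E= truncated@etch",
]
BLACKLIST = {fingerprint(SAMPLE[1])[2]}  # stands in for a published weak-key list

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE, BLACKLIST):
        print(number, verdict)
```

A line reported as unparseable deserves the same attention as a weak one, since a scanner that silently skips it would leave that key unchecked.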
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Florian Weimer [EMAIL PROTECTED] [2008-05-13 14:06 +0200]: Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable. The diffs http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c and http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/crypto/rand/md_rand.c?rev=300&view=diff&r1=300&r2=299&p1=openssl/trunk/crypto/rand/md_rand.c&p2=/openssl/trunk/crypto/rand/md_rand.c (I got them from http://www.links.org/?p=327) suggest that only half of the problem was fixed. Is this correct? Nicolas
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
* Nicolas Rachinsky: The diffs http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c and http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/crypto/rand/md_rand.c?rev=300&view=diff&r1=300&r2=299&p1=openssl/trunk/crypto/rand/md_rand.c&p2=/openssl/trunk/crypto/rand/md_rand.c (I got them from http://www.links.org/?p=327) suggest that only half of the problem was fixed. Is this correct? No, the other hunk is benign. It mixes data from the target buffer of RAND_bytes into the pool, and this is completely optional (because it's not guaranteed that this data is random anyway).
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote: On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote: A detector for known weak key material will be published at: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc (OpenPGP signature) On stable I get close is not a valid DB_File macro at /home/pkern/dowkd.pl line 51. $ ./dowkd.pl help close is not a valid DB_File macro at ./dowkd.pl line 51 Well, something is broken (sid here). Regards, Daniel
Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tuesday, 13.05.2008, at 15:51 +0200, Stephane Bortzmeyer wrote: On Tue, May 13, 2008 at 03:44:24PM +0200, packages, and this link is broken: there is no security-tracker.debian.org. Just in case you don't know about it yet, try .net. Nice and useful but the Web page should be fixed, anyway. Of course, am having the change sitting in my local repository, will commit it as soon as it's possible again. So long, Rhonda
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Florian Weimer said: The first vulnerable version, 0.9.8c-1, was uploaded to the unstable distribution on 2006-09-17, and has since propagated to the testing and current stable (etch) distributions. The old stable distribution (sarge) is not affected.

The information about sarge is not consistent with http://security-tracker.debian.net/tracker/CVE-2008-0166:

Source Package   Release                  Version          Status
openssl (PTS)    sarge, sarge (security)  0.9.7e-3sarge5   vulnerable
                 etch                     0.9.8c-4etch1    vulnerable
                 etch (security)          0.9.8c-4etch3    fixed
                 lenny, sid               0.9.8g-10        fixed

Who's right here ?
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hello, On Tuesday, 13 May 2008, [EMAIL PROTECTED] wrote: [] openssl - predictable random number generator very bad news indeed - since I have to chip certificates for multiple OpenVPN networks :( (This time, I'll do it on OpenBSD ;) However, I'm curious: How could this happen? (Although I'm not paranoid in general, I'm a little bit tense right now ...) Thanks Keep smiling yanosz
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06, Florian Weimer [EMAIL PROTECTED] said: Package: openssl Vulnerability : predictable random number generator

Some other random questions:
- It seems that firefox does not handle CRL unless manually imported, correct? This means that in most cases already issued certificates are still vulnerable even revoked. A quick look seems to show that most software does not handle CRL at all.
- As a maintainer of a package that has generated certificates using OpenSSL, how should we handle the issue?

For the last question, I see several solutions:
- the user has to read the DSA and handle it himself
- a helper package will be provided and each package should register key locations (in a bug report against the package for example); those keys will be checked and the user will be warned about weak keys. Moreover, each package will generate a short help message explaining how to regenerate keys. This helper package will be shipped in security and uploaded with a libssl depending on it
- the helper package can also be used directly by the package that should call some magic function in postinst; the bad news with this approach is that we should upload a security release for each impacted package.

Any thoughts? -- panic(IRQ, you lose...); 2.2.16 /usr/src/linux/arch/mips/sgi/kernel/indy_int.c
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 07:38:27PM +, Sam Morris wrote: On Tue, 13 May 2008 21:29:53 +0200, Vincent Bernat wrote: - It seems that firefox does not handle CRL unless manually imported, correct? This means that in most cases already issued certificates are still vulnerable even revoked. A quick look seems to show that most software does not handle CRL at all. Yes, x509 is fundamentally broken in the first place. and how! see http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt for more in this vein. I never tire of reading that file ... Regards, Paddy
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hello, On Tuesday, 13 May 2008, Vincent Bernat wrote: OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06, Florian Weimer [EMAIL PROTECTED] said: Package: openssl Vulnerability : predictable random number generator Some other random questions: - It seems that firefox does not handle CRL unless manually imported, correct? This means that in most cases already issued certificates are still vulnerable even revoked. A quick look seems to show that most software does not handle CRL at all. - As a maintainer of a package that has generated certificates using OpenSSL, how should we handle the issue? For the last question, I see several solutions: - the user has to read the DSA and handle it himself Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. Keep smiling yanosz
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 3:52 PM, Jan Luehr [EMAIL PROTECTED] wrote: For the last question, I see several solutions: - the user has to read the DSA and handle it himself Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. The only instructions I've seen for regenerating host keys include shutting down the sshd server. This is impossible in some servers I have, so is there another way?
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John Keimel [EMAIL PROTECTED] said: Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. The only instructions I've seen for regenerating host keys include shutting down the sshd server. This is impossible in some servers I have, so is there another way? Restarting OpenSSH does not close existing connections. -- panic(esp: what could it be... I wonder...); 2.2.16 /usr/src/linux/drivers/scsi/esp.c
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Jan Luehr wrote: Hello, On Tuesday, 13 May 2008, Corey Hickey wrote: Jan Luehr wrote: Hello, On Tuesday, 13 May 2008, Vincent Bernat wrote: OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06, Florian Weimer [EMAIL PROTECTED] said: Package: openssl Vulnerability : predictable random number generator Some other random questions: - It seems that firefox does not handle CRL unless manually imported, correct? This means that in most cases already issued certificates are still vulnerable even revoked. A quick look seems to show that most software does not handle CRL at all. - As a maintainer of a package that has generated certificates using OpenSSL, how should we handle the issue? For the last question, I see several solutions: - the user has to read the DSA and handle it himself Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. Unless I'm gravely mistaken, SSH keys aren't affected by this vulnerability. OpenSSH and OpenSSL are separate, and your ssh program generated its own keys. As stated in the DSA: »Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.« Yeah, I just realized OpenSSH uses libSSL; sorry for the noise. -Corey
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat [EMAIL PROTECTED] wrote: OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John Keimel [EMAIL PROTECTED] said: Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. The only instructions I've seen for regenerating host keys include shutting down the sshd server. This is impossible in some servers I have, so is there another way? Restarting OpenSSH does not close existing connections. Yes, that's correct. I agree. But the instructions I saw were for 'shutting down the SSHD server' - not just 'restarting it'. That's why I asked. I think Ian's suggestion will work just fine for me though, so I'll give that a go. Thanks folks.
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hello, On Tuesday, 13 May 2008, Corey Hickey wrote: Jan Luehr wrote: Hello, On Tuesday, 13 May 2008, Vincent Bernat wrote: OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06, Florian Weimer [EMAIL PROTECTED] said: Package: openssl Vulnerability : predictable random number generator Some other random questions: - It seems that firefox does not handle CRL unless manually imported, correct? This means that in most cases already issued certificates are still vulnerable even revoked. A quick look seems to show that most software does not handle CRL at all. - As a maintainer of a package that has generated certificates using OpenSSL, how should we handle the issue? For the last question, I see several solutions: - the user has to read the DSA and handle it himself Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. Unless I'm gravely mistaken, SSH keys aren't affected by this vulnerability. OpenSSH and OpenSSL are separate, and your ssh program generated its own keys. As stated in the DSA: »Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.« Keep smiling yanosz
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Jan Luehr wrote: Hello, On Tuesday, 13 May 2008, Vincent Bernat wrote: OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06, Florian Weimer [EMAIL PROTECTED] said: Package: openssl Vulnerability : predictable random number generator Some other random questions: - It seems that firefox does not handle CRL unless manually imported, correct? This means that in most cases already issued certificates are still vulnerable even revoked. A quick look seems to show that most software does not handle CRL at all. - As a maintainer of a package that has generated certificates using OpenSSL, how should we handle the issue? For the last question, I see several solutions: - the user has to read the DSA and handle it himself Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. Unless I'm gravely mistaken, SSH keys aren't affected by this vulnerability. OpenSSH and OpenSSL are separate, and your ssh program generated its own keys. -Corey
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:38, John Keimel [EMAIL PROTECTED] said: Restarting OpenSSH does not close existing connections. Yes, that's correct. I agree. But the instructions I saw were for 'shutting down the SSHD server' - not just 'restarting it'. Then, shutting down the SSHD server does not close existing connections (unless you kill them manually on purpose, of course!). -- Document your data layouts. - The Elements of Programming Style (Kernighan & Plauger)
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hello, On Tuesday, 13 May 2008, John Keimel wrote: On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat [EMAIL PROTECTED] wrote: OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John Keimel [EMAIL PROTECTED] said: Since some keys are generated automatically (e.g. ssh host keys), users will have to regenerate keys they haven't generated in the first place and might not be aware of their existence. That's bad. The only instructions I've seen for regenerating host keys include shutting down the sshd server. This is impossible in some servers I have, so is there another way? Restarting OpenSSH does not close existing connections. Yes, that's correct. I agree. But the instructions I saw were for 'shutting down the SSHD server' - not just 'restarting it'. That's why I asked. I think Ian's suggestion will work just fine for me though, so I'll give that a go.

rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart

- job done. Keep smiling yanosz
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:

rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart

- job done. Keep smiling yanosz

Shorter one:

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server

Greetings, Dererk
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On May 13, 2008, at 2:35 PM, dererk wrote: On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:

rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart

- job done. Keep smiling yanosz

Shorter one: Upgrading openssl before reconfiguring:

apt-get update
apt-get upgrade
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server

Greetings, Dererk

-gorkhe
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Jan Luehr wrote: However, I'm curious: [how] could this happen? This is the best explanation I've seen so far : http://it.slashdot.org/comments.pl?sid=551636&cid=23392602 I have no idea if it's correct, but it sounds very plausible. If there was any mistake it may have been to try too hard to get a warning-free run from valgrind. Contrary to some reports that Debian should have discussed the proposed faulty fix with the OpenSSL devs in 2006, note that the Debian developer involved *did* try to discuss the proposed changes with the OpenSSL devs, and was not warned against the idea : http://marc.info/?t=11465108893&r=1&w=2 As the /. post says, Hats off to the reviewer who picked up on the problem. Cheers, Nick Boyce -- Leave the Olympics in Greece, where they belong.