This is cache of http://www.pheedo.com/click.phdo?i=82b45bc2d7e3da625459c51c5bb78bca. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise
2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Unnoticed for two years, the weak PRNG created a crypto-implementation nightmare with wide-ranging consequences that are difficult to repair. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (TOR), OpenVPN, and other applications. In this article, I'll examine the issue and its consequences.
 
Tags: prng, secure key generation, weak prng, critical component, openssl package, debian gnulinux, onion router, consequences, source software
 
 
 
 
 
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia