SEARCH RESULTS
 
Showing 1-6 of 6 records

Debian OpenSSL Blunder

2008-05-15 09:19:37 by Editor in Cheap Hack
 
...PRNG." (PRNG is pseudo-random number generator.) It removed substantial randomness from the seed for the PRNG, leaving the process ID, which maxes out at 32,768, as the only input. This allowed Moore to pre-generate all the possible 32768 keys and do a brute force attack. The fact that OpenSSL uses 1024 bit or larger keys didn't matter,...

Random Number Bug in Debian Linux

2008-05-19 06:07:59 by schneier in Schneier on Security
 
...PRNG. Instead of mixing in random data for the initial seed, the only "random" value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations. More info, from Debian, here. And from the hacker community here....

Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise

2008-10-08 04:42:07 by Editor in IEEE Security and Privacy
 
...PRNG), a critical component for secure key generation. Unnoticed for two years, the weak PRNG created a crypto-implementation nightmare with wide-ranging consequences that are difficult to repair. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (TOR), OpenVPN, and other...

Got Entropy?

2008-04-02 02:55:47 by Erik T. Heidt in Art of Information Security
 
...PRNG) or (2) use a hardware random number generator. A Pseudorandom Number Generator uses a seed value to generate a sequence of numbers that appear random. The problem is that the same seed generates the same random sequence. The hardware-based RNG observes and samples some physical phenomenon which is random, such as cosmic rays, RF noise,...

No, I Don't Know the Answer to the Big DNS Secret

2008-07-09 15:26:37 by Chris Eng in Zero in a bit
 
...PRNG for generating the transaction ID, the latter of which would appear to be related to Amit Klein's cache poisoning attack from about a year ago. What Rich was really saying is that you can reverse engineer the patch until you're blue in the face, but that won't reveal the specifics of the vulnerability. Dan's blog post this morning appeared to...

The Skein Hash Function

2008-10-29 04:35:29 by schneier in Schneier on Security
 
...PRNG, a stream cipher, a key derivation function, authentication without the overhead of HMAC, and a personalization capability. All these features can be implemented with very low overhead. Together with the Threefish large-block cipher at Skein's core, this design provides a full set of symmetric cryptographic primitives suitable for most...
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia