Predictable RNG in the vulnerable Debian OpenSSL package
the What and the How
Luciano Bello and Maximiliano Bertacchini
Video Player
Playlists:
'25c3' videos starting here
/
audio
/
related events
Media error: Format(s) not supported or source(s) not found
Download File: https://dortmund.media.ccc.de//congress/2008/video_h264_720x576/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.mp4Download File: https://ftp.agdsn.de/ccc//congress/2008/webm/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.webm00:00
00:00 | 00:00
Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn).
