Predictable RNG in the vulnerable Debian OpenSSL package

the What and the How

Luciano Bello and Maximiliano Bertacchini

Playlists: '25c3' videos starting here / audio / related events

Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn).

Download

Related

Embed

Share:

Tags