OpenSSL Security Flaw Found In Debian
May 14th, 2008
Linux users can stop being so smug as of right now: they are no longer untouchable in the realm of e-security. The Debian team announced today that they have discovered a rather large flaw in the system used to generate cryptographic keys for things such as SSH and OpenVPN.
The flaw? Well, all keys are made up using an algorithm involving a pre-generated random number. A truly random number is in itself impossible to get, so it must be produced using a calculation or a separate algorithm. Herein lies OpenSSL’s flaw.
With this in mind, the one point of weakness in the entire system of generating security keys is the initial random number. If this number is known to an outsider, the entire system of security is compromised, as the cryptographic keys can be reverse-calculated using the same algorithm and the known random number.
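The point above, as an added example (not from the original post and not OpenSSL code): a toy key generator whose only input is a seed from a small space, plus an audit that enumerates that space to flag keys that need replacing. The `derive_key` stand-in, the fingerprint format, and the 2^15 seed space are assumptions chosen for illustration.

```python
import hashlib
import os

SEED_SPACE = 2 ** 15  # assumed size of the weak seed space (illustrative)


def derive_key(seed: bytes) -> bytes:
    """Toy deterministic key generator: same seed in, same key out.
    Stand-in for a real key-generation algorithm fed by a PRNG."""
    return hashlib.sha256(b"toy-keygen-v1|" + seed).digest()


def fingerprint(key: bytes) -> str:
    """Short identifier for a key, so keys can be compared without storing them."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_weak_fingerprints(seed_space: int = SEED_SPACE) -> dict:
    """Enumerate every seed the weak generator could have used and record
    the fingerprint of the key each seed produces."""
    table = {}
    for n in range(seed_space):
        seed = n.to_bytes(4, "big")
        table[fingerprint(derive_key(seed))] = n
    return table


def audit_key(key: bytes, weak: dict):
    """Return the seed that produced `key` if it is a known-weak key, else None."""
    return weak.get(fingerprint(key))


if __name__ == "__main__":
    weak = build_weak_fingerprints()
    # Constructed sample keys: one from a guessable seed, one from the OS CSPRNG.
    weak_key = derive_key((12345).to_bytes(4, "big"))
    strong_key = derive_key(os.urandom(32))
    print("weak key came from seed:", audit_key(weak_key, weak))
    print("strong key came from seed:", audit_key(strong_key, weak))
```

Any key the audit matches was generated from a guessable seed and has to be regenerated after the generator is fixed; patching the generator alone does not change keys that already exist.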
As you can imagine, this is a rather large flaw, considering it affects every system using a Debian Linux kernel; this includes every variant of Ubuntu (Xubuntu and Edubuntu). A patch has now been released by the dev team at Debian, so all users need to do is upgrade and it will be fine… Better do it quick before the hackers come and find you!!!
Pfft… and you thought Linux was safe
One Response to “OpenSSL Security Flaw Found In Debian”
By Amit on May 16, 2008
http://xkcd.com/424/