News

Debian-openssl random number generator has been proving predictable for years

By admin
Spread the love

The random number generator used in the Debian openssl package has been reported to provide predictable ‘random’ numbers since September 2006. Cryptographic keys would therefore not be secure.

Due to an incorrect modification of the Debian openssl package, a predictable random number generator is included in the package crept. A new version of the openssl package in which the random number generator has been improved is now available in the repositories. A manual installation is of course also possible. The Debian security team recommends recreating all keys generated with openssl versions starting with 0.9.8c-1 with the improved random number generator.

The first version of openssl with the flawed random number generator was first used in September 2006 in the unstable distribution of Debian. The package was used in the test and production versions of Debian Etch; the stable old distro Debian Sarge has the package on board in intact condition. The keys that may be weaker than desired include keys for ssh, openvpn, dnssec, x.509 key material, and ssl and tsl keys. In addition to Debian, distributions derived from Debian, such as the various Ubuntu versions, may also be vulnerable. It is also possible that keys imported from Debian could make other operating systems vulnerable.

You might also like
News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting

News

Canonical acquires container management tool LXD and doesn’t make it…

News

Chinese Linux distro OpenKylin should make the country less dependent on the West

News

Canonical is going to link PPAs in Ubuntu to keyring for more security

News

Nintendo wants to take tools that can steal encrypted Switch codes offline

News

Ubuntu 23.04 with new installer and Azure Active Directory authentication is out

Exit mobile version