Serious flaw in OpenSSL on Debian-based Linux
OK, this is kind of a big deal. It turns out that there is a serious flaw in the OpenSSL packages used on Debian-based Linux distributions, which include Ubuntu, Xandros, and many others. The problem appears to be that the random number generator is giving predictable, rather un-random results.
From the bulletin:
It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
Debian Linux runs many of the websites out there, and a lot of them rely on cryptographic keys for SSL. Replacing these keys (getting them re-signed by a Certificate Authority) will surely be a long and expensive process.
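Why the bulletin treats every DSA key used on an affected system as compromised, shown as an added example (not code from the bulletin or from OpenSSL): in textbook DSA, one signature plus its per-signature secret k gives the private key x by simple algebra. The toy parameters, the function names and the `candidates` set standing in for a predictable generator's outputs are all assumptions made for illustration.

```python
import hashlib

# Toy DSA domain parameters, constructed for this example (far too small for real use).
# Q is prime, Q divides P - 1, and G = 2^((P-1)/Q) mod P generates the order-Q subgroup.
P, Q, G = 607, 101, 64

def h(msg: bytes) -> int:
    """Message digest reduced into the exponent group."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, k: int, msg: bytes):
    """Textbook DSA signature with private key x and per-signature secret k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h(msg) + x * r) % Q
    return r, s  # a real signer retries with a fresh k if r == 0 or s == 0

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P
    return v % Q == r

def recover_private_key(k: int, msg: bytes, sig) -> int:
    """s = k^-1 (h + x*r) mod Q, so x = (s*k - h) * r^-1 mod Q once k is known."""
    r, s = sig
    return (s * k - h(msg)) * pow(r, -1, Q) % Q

def key_exposed_by(candidates, y: int, msg: bytes, sig):
    """Return x if any nonce the generator could have produced explains the signature.
    `candidates` is a hypothetical stand-in for a predictable generator's output set."""
    if not verify(y, msg, sig):
        return None
    r, _ = sig
    for k in candidates:
        if pow(G, k, P) % Q != r:
            continue
        x = recover_private_key(k, msg, sig)
        if pow(G, x, P) == y:  # confirm the candidate against the public key
            return x
    return None

if __name__ == "__main__":
    x, msg = 57, b"constructed sample message"
    y = pow(G, x, P)
    sig = next(s for s in (sign(x, k, msg) for k in range(1, Q)) if 0 not in s)
    print("signature verifies:", verify(y, msg, sig))
    print("private key recovered:", key_exposed_by(range(1, Q), y, msg, sig))
```

The key itself can have been generated on a healthy machine; signing once with a predictable k is enough, which is why the bulletin's DSA advice covers keys that were merely used on affected systems.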
Here’s another gem from the bulletin:
OpenSSL’s DTLS (Datagram TLS, basically “SSL over UDP”) implementation did not actually implement the DTLS specification, but a potentially much weaker protocol, and contained a vulnerability permitting arbitrary code execution (CVE-2007-4995).
These bugs raise the question: why is the Debian team making changes to OpenSSL? Cryptography is hard, and the OpenSSL team has one of the most accurate and respected libraries to date. The Debian team should stick to what they’re good at, like package management, and leave cryptography to the people who know what they’re doing. As it stands, I’m not sure if I can trust any SSL connection anymore…