-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This one's actually surprisingly big. Essentially, when Debian packaged the openssl library, the maintainers noticed that the Valgrind memory checker raised errors in the random pool code. The code as distributed did not initialize the memory pool, as in this case the use of uninitialized memory simply adds a bit of extra entropy to the random pool. When the Debian maintainers attempted to fix this minor problem, they accidentally commented out the code that adds random entropy to the pool, making all keys generated by openssl constrained to a much smaller portion of the keyspace and therefore guessable.

I haven't seen any good information describing exactly how small the resulting keyspace is. Debian's security advisory has a link to a tool that checks for these keys, and examining the source code indicates that it's simply checking each key against a pre-generated list of ~26,000 possible keys, somewhat below the usual guarantees of enough keys for every sub-atomic particle in the universe (give or take a few orders of magnitude).

The fix is to update the openssl library *and* recreate any keys created by those broken openssl packages. The second part is unfortunately very important to follow and likely to be a major pain to actually achieve. The "checker" tools help to identify what keys are vulnerable, but they can still miss keys that were created using non-standard settings or platforms.

Debian announcement: http://lists.debian.org/debian-security-announce/2008/msg00152.html

Ubuntu announcement: https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html

Now to inject some politics into this... At least with open source, and the open development process of Debian, this sort of major screw-up is actually publicly known. This is a very subtle security hole that could have easily been simply completely covered up in a closed source library. Random entropy generators are surprisingly hard to get right; early versions of Netscape suffered from a similar bug that was only found by carefully examining the machine code.

Then again, it equally highlights how much you have to trust *all* people in the chain, from original maintainers to final distributors. For really critical stuff your best bet is likely open source, but with very careful auditing and tracking of what changes were made to the code, when and by whom.

- --
http://petertodd.org 'peter'[:-1]@petertodd.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIKuaX3bMhDbI9xWQRApCpAKCNyCMEVsphuvvoCG4JjMZoMRgCKgCfTVR1
qP/UWUwadVgu+6wKaL0o6Rg=
=F8F6
-----END PGP SIGNATURE-----

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist
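The post describes two things worth seeing in code: why dropping the one call that stirs seed material into the pool collapses the keyspace to "one key per process id", and how the Debian checker then detects such keys by fingerprint lookup against a pre-generated list. The block below is an added illustration written for this page; it is not the poster's code, not OpenSSL's pool, and not Debian's checker. The SHA-1 "pool", the 32-byte stand-in for a private key, and `PID_MAX = 32768` (a 15-bit pid space) are all constructed assumptions for the model; the real key count the post quotes (~26,000) is not what this toy reproduces.

```python
"""Toy model of the Debian OpenSSL entropy bug and the blacklist-style check.

Added illustration, not code from the post, from OpenSSL or from Debian's
checker. The pool is a SHA-1 mixer: add_entropy() hashes new bytes into the
state, random_bytes() derives output from it. In the "broken" variant the
seed material is never mixed in (the line the Debian patch removed), so the
only process-specific input left is the pid. PID_MAX = 32768 is an assumption
standing in for the classic 15-bit Linux pid range.
"""
import hashlib
import os
from functools import lru_cache
from typing import Set

PID_MAX = 32768  # assumption: 15-bit pid space of the era


class ToyPool:
    """Minimal hash-based entropy pool (constructed for this example)."""

    def __init__(self) -> None:
        self.state = hashlib.sha1(b"toy-pool-init").digest()

    def add_entropy(self, data: bytes) -> None:
        # Stir new material into the pool state.
        self.state = hashlib.sha1(self.state + data).digest()

    def random_bytes(self, n: int) -> bytes:
        # Expand the state with a counter; fine for a toy, not a real CSPRNG.
        out = b""
        counter = 0
        while len(out) < n:
            out += hashlib.sha1(self.state + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:n]


def generate_key(pid: int, seed: bytes, broken: bool) -> bytes:
    """Derive a 32-byte stand-in for a private key from the pool."""
    pool = ToyPool()
    if not broken:
        pool.add_entropy(seed)  # the mixing call the Debian patch dropped
    pool.add_entropy(pid.to_bytes(4, "big"))  # what still got stirred in: the pid
    return pool.random_bytes(32)


def fingerprint(key: bytes) -> str:
    """Fingerprint used for the blacklist lookup (SHA-1 of the key bytes)."""
    return hashlib.sha1(key).hexdigest()


def count_distinct_keys(pid: int, trials: int, broken: bool) -> int:
    """How many different keys does one fixed pid yield across fresh seeds?"""
    seen = {generate_key(pid, os.urandom(32), broken) for _ in range(trials)}
    return len(seen)


@lru_cache(maxsize=None)
def weak_key_blacklist() -> Set[str]:
    """Fingerprints of every key the broken generator can emit, one per pid.
    Same idea as the checker the post describes: enumerate once, then look up."""
    return {fingerprint(generate_key(pid, b"", broken=True)) for pid in range(PID_MAX)}


def is_weak(key: bytes, blacklist: Set[str]) -> bool:
    """Defender-side check: is this key's fingerprint on the blacklist?"""
    return fingerprint(key) in blacklist


if __name__ == "__main__":
    print("broken generator, pid 7, 40 seeds ->", count_distinct_keys(7, 40, True), "distinct key(s)")
    print("fixed generator,  pid 7, 40 seeds ->", count_distinct_keys(7, 40, False), "distinct key(s)")
    bl = weak_key_blacklist()
    print("blacklist size:", len(bl))
    print("weak key flagged:", is_weak(generate_key(4242, os.urandom(32), True), bl))
    print("good key flagged:", is_weak(generate_key(4242, os.urandom(32), False), bl))
```

Run as a script it prints one distinct key for the broken generator against forty for the fixed one, a blacklist of exactly `PID_MAX` fingerprints, and a key from the broken path flagged while a properly seeded one is not. The blacklist side also shows the caveat the post raises: the list only covers keys produced by the enumerated configuration (here, one pid range and one key size), so a key generated on a platform or with settings outside that enumeration is missed, which is why regenerating every key made with the broken packages, not just the ones the checker flags, is the actual fix.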