Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
OpenSSL
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Predictable private keys (Debian-specific) === OpenSSL's pseudo-[[random number generator]] acquires entropy using complex programming methods. To keep the [[Valgrind]] analysis tool from issuing associated warnings, a maintainer of the [[Debian]] distribution applied a [[patch (computing)|patch]] to Debian's variant of the OpenSSL suite, which inadvertently broke its random number generator by limiting the overall number of private keys it could generate to 32,768.<ref>{{Cite web |title=research!rsc: Lessons from the Debian/OpenSSL Fiasco |url=http://research.swtch.com/openssl |website=research.swtch.com |access-date=2015-08-12|df=mdy-all}}</ref><ref>{{Cite web |title=SSLkeys |website=Debian Wiki |url=https://wiki.debian.org/SSLkeys |access-date=2015-06-19|df=mdy-all}}</ref> The broken version was included in the Debian release of September 17, 2006 (version 0.9.8c-1), also compromising other Debian-based distributions, for example [[Ubuntu (operating system)|Ubuntu]]. Ready-to-use [[exploit (computer security)|exploits]] are easily available.<ref>{{Cite web |title=Debian OpenSSL β Predictable PRNG Bruteforce SSH Exploit Python |website=Exploits Database |url=https://www.exploit-db.com/exploits/5720/ |access-date=2015-08-12 |date=2008-06-01 |df=mdy-all |archive-date=February 6, 2025 |archive-url=https://web.archive.org/web/20250206223039/https://www.exploit-db.com/exploits/5720 |url-status=live}}</ref> The error was reported by Debian on May 13, 2008. On the Debian 4.0 distribution (etch), these problems were fixed in version 0.9.8c-4etch3, while fixes for the Debian 5.0 distribution (lenny) were provided in version 0.9.8g-9.<ref name="dsa-1571-1">{{cite web |title=DSA-1571-1 openssl β predictable random number generator |url=http://www.debian.org/security/2008/dsa-1571 |publisher=[[Debian]] Project |date=May 13, 2008 |access-date=August 5, 2012 |archive-date=March 9, 2011 |archive-url=https://web.archive.org/web/20110309045023/http://www.debian.org/security/2008/dsa-1571 |url-status=live}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)