Thursday 15 May 2008

Debian PRNG Update

As was to be expected, brute force attack tools are beginning to be rolled out. The really nasty aspect of this is that (as I said yesterday) any cryptographic material that was created on an affected system is now compromised. Because the crippled PRNG left the process ID as the only real entropy fed into key generation, there are only around 32,768 candidate seeds per key type and size, so there is nothing to "crack": an attacker just regenerates every key the broken code could have produced and matches the public halves against what he finds in the wild. So, in addition to the obvious SSH vulnerability, servers that use or have used SSL certs whose key pairs were generated on an affected platform are no longer secure, any SSL traffic that has been captured (including traffic recorded long before the bug was disclosed) can be decrypted, secure mail ain't secure or even authenticatable, and signed code is suspect. I don't think that this is likely to affect any high volume commercial sites, but I might be wrong in assuming that providers of such certs would not be using a software based crypto provider.

Metasploit's HD Moore has a detailed write-up and already has downloadable tables of all the 1024, 2048 and 4096 bit RSA keys an affected system can generate, so a public key lifted from a server can be matched to its private half by lookup. Note that a weak key is identified from its public half alone, so authorized_keys and known_hosts files, and the public keys in certificates, can be audited without any access to the private material; Debian's own fix shipped fingerprint blacklists and the ssh-vulnkey and openssl-vulnkey checkers for exactly this, and any key that turns up should be regenerated, not merely rotated on the same box.
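The following is an added example, not code from the post or from HD Moore's toolkit, showing the shape of that audit: parse OpenSSH public-key lines, fingerprint them the way ssh-keygen -l did at the time (colon-separated MD5 of the key blob), and flag any whose fingerprint appears in a table of known-weak keys. The weak-key table here is a constructed stand-in built from toy moduli; in a real audit it would be built from the enumerated keys (or from a distribution's blacklist file), and the fingerprint algorithm would need to match whatever that table uses.

```python
"""Audit OpenSSH public keys against a fingerprint table of known-weak keys.

Added example: the key material and the weak-key table below are constructed
for illustration (toy moduli, not real keys, not the Debian blacklist).
"""
import base64
import hashlib
import struct
from collections import namedtuple

# --- minimal OpenSSH wire-format helpers (RFC 4253 "string" and "mpint") ---

def _string(b):
    return struct.pack(">I", len(b)) + b

def _mpint(x):
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:           # leading zero keeps the value positive
        b = b"\x00" + b
    return b

def encode_ssh_rsa(e, n):
    """Build the blob that appears base64-encoded in an 'ssh-rsa ...' line."""
    return _string(b"ssh-rsa") + _string(_mpint(e)) + _string(_mpint(n))

def parse_ssh_pubkey(line):
    """Split an OpenSSH public-key line into (key_type, blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line: %r" % line)
    key_type, blob = parts[0], base64.b64decode(parts[1])
    comment = parts[2] if len(parts) == 3 else ""
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():   # text type must match the blob
        raise ValueError("key type mismatch in %r" % line)
    return key_type, blob, comment

def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint, the 'ssh-keygen -l' format of 2008."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def build_blacklist(blobs):
    """Fingerprint table for a set of known-weak public-key blobs."""
    return {md5_fingerprint(b) for b in blobs}

Result = namedtuple("Result", "key_type fingerprint comment weak")

def check_keys(lines, blacklist):
    """Fingerprint every key line; skip blanks/comments; flag blacklisted keys."""
    results = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key_type, blob, comment = parse_ssh_pubkey(line)
        fp = md5_fingerprint(blob)
        results.append(Result(key_type, fp, comment, fp in blacklist))
    return results

# --- constructed sample data ---------------------------------------------
# Stand-in for the enumerated weak-key table: in the real attack these blobs
# come from regenerating every key the crippled PRNG could have produced.
WEAK_BLOBS = [
    encode_ssh_rsa(65537, 0xC0FFEE1234567890ABCDEF),
    encode_ssh_rsa(65537, 0xFEEDFACE0123456789AB),
]
WEAK_FINGERPRINTS = build_blacklist(WEAK_BLOBS)

def _line(blob, comment):
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

SAMPLE_AUTHORIZED_KEYS = [
    "# constructed authorized_keys for the example",
    _line(WEAK_BLOBS[0], "alice@affected-host"),                     # weak
    _line(encode_ssh_rsa(65537, 0x1234567890ABCDEF1234), "bob@ok"),  # fine
]

if __name__ == "__main__":
    for r in check_keys(SAMPLE_AUTHORIZED_KEYS, WEAK_FINGERPRINTS):
        print("%-5s %s %s" % ("WEAK" if r.weak else "ok", r.fingerprint, r.comment))
```

The same routine works on known_hosts entries (the key blob is the same format after the host field), and the public key inside an X.509 certificate can be checked the same way once its modulus and exponent have been re-encoded with encode_ssh_rsa, provided the weak-key table was fingerprinted in that encoding.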

