This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise
September/October 2008 (vol. 6 no. 5)
pp. 70-73
David Ahmad, Bombardier Aerospace
A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Unnoticed for two years, the weak PRNG created a crypto-implementation nightmare with wide-ranging consequences that are difficult to repair. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (TOR), OpenVPN, and other applications. In this article, I'll examine the issue and its consequences.
Index Terms:
cryptography, pki, vulnerability, ssl, ssh, Debian, GNU/Linux
Citation:
David Ahmad, "Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise," IEEE Security & Privacy, vol. 6, no. 5, pp. 70-73, Sept.-Oct. 2008, doi:10.1109/MSP.2008.131
Usage of this product signifies your acceptance of the Terms of Use.