PDA

View Full Version : [ubuntu] OpenSSL Predictable Random Numbers (CVE-2008-0166)



a__l__a__n
May 16th, 2008, 03:25 AM
A bug introduced in Debian OpenSSL in 2006 crippled the random number generation and results in predictable encryption keys. See

http://article.gmane.org/gmane.linux.debian.security.announce/1614

This error has been in the Ubuntu code base for a couple of years. So in particular, it would have affected gutsy as well as hardy.

I need to know whether this error affected the generation of encryption keys when the alternate ubuntu installer was used to encrypt the filesystem during Ubuntu installation. Does that process use OpenSSL crypto primitives (in particular, key derivation / generation)?

If so, then any Ubuntu encrypted partitions created prior to the recent patch are using predictable encryption keys and therefore are providing only an illusion of strong cryptographic protection. To fix, the volumes would have to be decrypted and then re-encrypted under a new key generated after the patch.

Dr Small
May 16th, 2008, 03:36 AM
You missed the sticky! :)

a__l__a__n
May 16th, 2008, 12:53 PM
I did miss that. I did a search on the CVE vulnerability id (CVE-2008-0166) and nothing came up. It would help if the thread referenced the id of the security vulnerability it is discussing...

OTOH I don't see any discussion in that thread of the effect that the bug might or might not have on how Ubuntu creates encrypted filesystems during install. So the question still remains...

Monicker
May 16th, 2008, 02:23 PM
You could always take a look at the Debian advisories, which I believe are referenced in the sticky. They have a list of other which are or are not also affected by this. For some reason the Ubuntu advisories seem to neglect these other applications.

http://www.debian.org/security/key-rollover/


EDIT: This may also be useful, from a url referenced in the above page.

http://wiki.debian.org/SSLkeys#head-3861b1dd215639c0871218e5a49f2ca29ecf9371

a__l__a__n
May 16th, 2008, 08:43 PM
Thanks Monicker. The info at the last link was what I needed.