8/6/2023

Debian openssh

To fix this, first aptitude update && aptitude upgrade to install the new version of the openssl and libssl0.9.8 packages (the vulnerability is fixed in version 0.9.8c-4etch3 for etch and version 0.9.8g-9 for lenny/sid). You probably want to also pick up the new openssh packages that include the blacklist of known weak keys, but you will need to aptitude dist-upgrade for that in order to install the new openssh-blacklist package. If you choose not to use the above aptitude command, note that all of the following packages must be upgraded (they all come from the same source package):

Then, regenerate and distribute any potentially vulnerable keys. Instructions for how to regenerate the keys for these applications are below. You can also test to see if keys are vulnerable using the utility as described below.

The broken version of OpenSSL was being seeded only by process ID. Due to differences between endianness and sizeof(long), the output was architecture-specific: little-endian 32bit (e.g. PID 0 is the kernel and PID_MAX (32768) is not reached when wrapping, so there were 32767 possible random number streams per architecture. Non-broken OpenSSL seeds from PID and /dev/urandom.

Asterisk uses RSA keys as an optional authentication method for IAX2 and for DUNDI. The Asterisk package does not generate keys automatically and most users don't seem to use them. You should probably know if you use such a key.

To regenerate your rndc key, do the following. (This is what the postinst script does as well)

> I don't know if this is necessary or not though.

ronalde: According to the changelog for bind9 in Debian rndc-confgen in Debian uses /dev/urandom since March 2002 (before then /dev/random was used) I guess rndc-keys aren't affected.

Keys for DNSSEC or DynamicDNS are probably weak too and should also be recreated through the use of dnssec-keygen(1). Exactly what parameters to use depends on how you are using the keys.
Characteristics of potentially vulnerable keys:

- Generated with Etch, Lenny or Sid (Sarge is not vulnerable).
- Generated using 'openssl', 'ssh-keygen', or 'openvpn -keygen' (GnuPG and GNUTLS are not affected).

In addition, any DSA key must be considered compromised if it has been used on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e., generated with a 'good' OpenSSL) to make a connection from such a machine may have compromised it. This is due to an 'attack' on DSA that allows the secret key to be found if the nonce used in the signature is known or reused. Note that this last point means that passwords transmitted over ssh to a server with a weak DSA server key could be compromised too; see the Debian project's reaction to this.

The following cryptographic tools are unaffected:

- Cryptsetup (neither LUKS nor the regular dm-crypt use openssl; the openssl keyscript, which is not used in any default installations, does use openssl, but only to encrypt the key, not to actually generate the key that is used to encrypt the partition. The encryption of the key may therefore be less strong than expected, but the key itself is not)

Applications/protocols known to use these keys:

- postfix, exim4, sendmail and other MTAs when using SSL/TLS.
- apache2 (ssl certs, see "PEM keys" below).
- telnetd-ssl SSL certificates for SSL-Telnet.

Blacklists of vulnerable keys available in unstable:

Many lists of 'weak' keys have been generated by the metasploit project:

There is a web-based check available at which will identify a CSR with a weak key. This page uses the data from openssl-blacklist.
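
As an added illustration (not code from this page or from Debian), the following Python model shows why a PID-only seed makes a complete blacklist of weak keys possible: it enumerates all 32767 seeds for one architecture and checks an inventory of keys against the resulting fingerprints. The weak_keygen function, the truncated SHA-256 fingerprint and the le32/le64 labels are assumptions standing in for real key generation and the real blacklist format.

```python
import hashlib
import os

PID_MAX = 32768  # value quoted on the page; PID 0 and PID_MAX never seed a key


def weak_keygen(pid, arch="le32"):
    """Constructed stand-in for the broken generator (not OpenSSL code):
    the key bytes are a pure function of the process ID and the architecture."""
    return hashlib.sha256(f"{arch}:{pid}".encode()).digest()


def good_keygen():
    """Stand-in for a correctly seeded generator: kernel randomness."""
    return os.urandom(32)


def fingerprint(key):
    """Truncated digest of a key (assumed format, chosen for this model)."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_blacklist(arch="le32"):
    """Enumerate every usable PID (1 .. PID_MAX-1) for one architecture."""
    return frozenset(fingerprint(weak_keygen(pid, arch))
                     for pid in range(1, PID_MAX))


def is_blacklisted(key, blacklist):
    return fingerprint(key) in blacklist


def audit(keys, blacklist):
    """Return the names of the keys that must be regenerated."""
    return sorted(name for name, key in keys.items()
                  if is_blacklisted(key, blacklist))


if __name__ == "__main__":
    bl = build_blacklist("le32")
    # Constructed inventory: two keys from the weak model, one well seeded.
    inventory = {
        "host-a": weak_keygen(4242, "le32"),
        "host-b": weak_keygen(4242, "le64"),  # needs the le64 list to be caught
        "host-c": good_keygen(),
    }
    print(len(bl), "possible keys for le32")
    print("regenerate:", audit(inventory, bl))
```

Because the output was architecture-specific, a key from one architecture is only caught by that architecture's list, so an audit has to load every list that applies.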