16 May 2008

From Organic Design wiki
Warning.svg This is a blog item that needs to be converted to the new Bliki format

Predictable random number generator discovered in the Debian version of OpenSSL

A major security hole was announced on May 13, 2008 in the pseudorandom number generator (PRNG) of the Debian version of OpenSSL, one of the most used cryptographic programming libraries. The problem affects all the Debian-based GNU/Linux distributions, like Ubuntu and Knoppix, that was used to create SSL/TLS keys since September 17, 2006. The bug was discovered by Luciano Bello, a Debian package maintainer. ([random number generator discovered in the Debian version of OpenSSL|read the rest on WikiNews...])

This bug affects Organic Design because our servers are Debian and workstations Ubuntu, but all have been updated now and the compromised keys regenerated. The problem affected the MediaWiki SVN users as well because it uses SSH keys for authentication, so anyone's keys that were generated on affected systems had to be replaced including ours.