Re: [Security-Discuss] Fwd: [Security Announce] OpenSSL key/certificate weakness discovered in Debian-based systems

From: Gustavo De Nardin (spuk) (gustavodnmandriva.com)
Date: Fri May 16 2008 - 10:39:09 CDT


* Vincent Danen <vdanenmandriva.com> [2008-05-16 09:11 -0600]:
> * [2008-05-16 15:37:26 +0200] Michael Scherer wrote:
>
> >>Regarding this problem, another factor may compromise an SSH key, even
> >>if it has not been generated under a debian-like distribution. This
> >>potentially impacts more users. Two conditions must be met:
> >>* Your SSH key is of DSA type
> >>* And it has been used ONCE on a debian-like system
> >
> >so that means a rogue ssh server could steal your secret key?
>
> Yes but there are a few significant factors. First, it needs to be one

Actually, no. That would break asymmetric cryptography principles... :]

Quoting the current wording in
<http://wiki.debian.org/SSLkeys#head-d841ac769390d013577ce3fd2be24b8cf5a74cfb>:
"""
In addition, any DSA key must be considered compromised if it has been used
on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
generated with a 'good' OpenSSL) to make a connection from such a machine
may have compromised it. This is due to an 'attack' on DSA that allows the
secret key to be found if the nonce used in the signature is known or
reused.
"""

Specifically: "... make a connection from such a machine ..."

> of these Debian systems with the weak openssl, and second it needs to be
> compromised by someone who can perform a special attack on the DSA key.
> From my understanding, this can really only happen now... so you would
> need to connect to such a compromised server now as the vuln was not
> previously known and requires this vuln to properly execute.
>
> If Gustavo is on the list, I think he has more info on the particulars.
> At any rate, this is a very small risk here. You also have to be using
> a DSA key; RSA keys are not vulnerable to this.
>
> --
> Vincent Danen http://linsec.ca/
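
Added example, not part of the original message and not OpenSSL or Debian code: a toy DSA showing why the wiki text quoted above treats a 'strong' DSA key as compromised once it has signed with a known or reused nonce. The group parameters (p=2039, q=1019, g=4), the key, the nonce and all function names are constructed for illustration and are far too small for real use.

```python
import hashlib

# Toy DSA group, constructed for this example (not secure):
# p = 2q + 1 with p and q prime; g = 2^2 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def digest(msg: bytes) -> int:
    """Message hash reduced mod q, as it enters the signing equation."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x: int, msg: bytes, k: int):
    """DSA signature with an explicit nonce k: s = k^-1 (H(m) + x*r) mod q."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    return r, s

def verify(y: int, msg: bytes, r: int, s: int) -> bool:
    """Standard DSA verification against public key y = g^x mod p."""
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def key_from_known_nonce(msg: bytes, r: int, s: int, k: int) -> int:
    """Signing equation solved for the key: x = (s*k - H(m)) * r^-1 mod q."""
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

def key_from_reused_nonce(m1: bytes, s1: int, m2: bytes, s2: int, r: int) -> int:
    """Same k (hence same r) on two messages: k = (H1 - H2) / (s1 - s2) mod q."""
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q
    return key_from_known_nonce(m1, r, s1, k)

if __name__ == "__main__":
    x = 777                 # private key, generated with a 'good' RNG
    y = pow(G, x, P)        # matching public key
    k = 123                 # nonce drawn from a predictable RNG
    msg = b"constructed session data"
    r, s = sign(x, msg, k)
    print("signature verifies:", verify(y, msg, r, s))
    print("key recovered from (r, s, k):", key_from_known_nonce(msg, r, s, k) == x)
```

The key itself is never weak here; only the per-signature nonce is, which is why the remedy is to replace any DSA key that has signed on an affected machine. Nothing comparable applies to RSA signing, which uses no per-signature nonce of this kind.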
