Linux Today: Linux News On Internet Time.


Vendors Are Bad For Security

May 13, 2008, 18:00
(Other stories by Ben Laurie)

"I've ranted about this at length before, I'm sure--even in print, in O'Reilly's Open Sources 2. But now Debian have proved me right (again) beyond my wildest expectations. Two years ago, they 'fixed' a 'problem' in OpenSSL reported by valgrind by removing any possibility of adding any entropy to OpenSSL's pool of randomness.

"The result of this is that for the last two years (from Debian's 'Etch' release until now), anyone doing pretty much any crypto on Debian (and hence Ubuntu) has been using easily guessable keys. This includes SSH keys, SSL keys and OpenVPN keys..."
