Linux Today: Linux News On Internet Time.

After Debian's Epic SSL Blunder, A World of Hurt for Security Pros

May 22, 2008, 15:45
(Other stories by Dan Goodin)

"It's been more than a week since Debian patched a massive security hole in the library the operating system uses to create cryptographic keys for securing email, websites and administrative servers. Now the hard work begins, as legions of admins are saddled with the odious task of regenerating keys too numerous for anyone to estimate.

"The flaw in Debian's random number generator means that OpenSSL keys generated over the past 20 months are so predictable that an attacker can correctly guess them in a matter of hours..."
