Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-14 Thread Mario 'BitKoenig' Holbe
Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]> wrote: > ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally ^ openssl's, of course. regards Mario -- The social dynamics of the net are a direct consequence of the fact that nobody has yet d

Re: openssl / x509 certs

2008-05-14 Thread Scott Edwards
On Wed, May 14, 2008 at 11:09 AM, Hr. Philip Rueegsegger <[EMAIL PROTECTED]> wrote: > How can I check if a rsa key created by 'openssl genrsa ...' and its x509 > certificate is vulnerable ? The utility ssh-vulnkey seems to only check ssh > keys. Thanks in advance ! > What CVE IDs does this apply

Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions

2008-05-14 Thread Simon Valiquette
Micah Anderson once wrote: * Simon Valiquette <[EMAIL PROTECTED]> [2008-05-14 16:36-0400]: In other words, if a vulnerable key has been involved, and if someone was able to intercept and save the encrypted data, he/she can now decipher it, whether it is passwords, ssh sessions, secur

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Henrique de Moraes Holschuh
On Wed, 14 May 2008, Florian Weimer wrote: > > I agree it would be neat if someone with a powerful machine could > > generate all possible keys. I don't know how long that would take > > however... > > It's not so much a time issue, is a question of storage (or getting that > data to the OpenSSH

Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions

2008-05-14 Thread Henrique de Moraes Holschuh
On Wed, 14 May 2008, Micah Anderson wrote: > authenticity of the server. In other words, ssh sessions are not > compromised just because an adversary has the host keys (unless a MITM > is setup, in which case you need both the host key and the authentication > key to perform a mitm attack). Ok. Bu

Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-14 Thread Andrew McGlashan
Hi, Mario 'BitKoenig' Holbe wrote: Kurt Roeckx <[EMAIL PROTECTED]> wrote: So my question is, does either the ssh client or server use openssl to generate the random number used to sign? Yes, they both do. ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally goes down to ssleay

Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions

2008-05-14 Thread Micah Anderson
* Simon Valiquette <[EMAIL PROTECTED]> [2008-05-14 16:36-0400]: > >> Affected keys include SSH keys [...] and session keys used > > in SSL/TLS connections. > > It seems that people are insisting quite a lot on the bad keys, but > what worry me a lot more is that, apparently and very logically,

Re: dowkd.pl - how the blacklist data is generated ?

2008-05-14 Thread nicolas vigier
On Wed, 14 May 2008, Alexandre Dulaunoy wrote: > Hi, > > For my understanding, the black list in the dowkd.pl is generated > from the potential remaining entropy source which seems to be > only the PID value added in the pool. > > Could we have some false negative[1] when running the dowkd scrip

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread nicolas vigier
On Wed, 14 May 2008, Sam Morris wrote: > > Not quite... "Once the update is applied, weak user keys will be > automatically rejected where possible (though they cannot be detected in > all cases)." > > I agree it would be neat if someone with a powerful machine could > generate all possible k

Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions

2008-05-14 Thread Simon Valiquette
Affected keys include SSH keys [...] and session keys used > in SSL/TLS connections. It seems that people are insisting quite a lot on the bad keys, but what worry me a lot more is that, apparently and very logically, past ssh connections and any SSL session keys are to be considered compr

Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-14 Thread Mario 'BitKoenig' Holbe
Kurt Roeckx <[EMAIL PROTECTED]> wrote: > So my question is, does either the ssh client or server use openssl to > generate the random number used to sign? Yes, they both do. ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally goes down to ssleay_rand_add() (via dsa_sign_setup()->B

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread CaT
On Wed, May 14, 2008 at 07:33:43PM +0200, Jan Luehr wrote: > >To check all your own keys, assuming they are in the standard > >locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity): > > > > ssh-vulnkey > > I took a look at it and found two large blacklist containing lots of key

DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-14 Thread Kurt Roeckx
There seems to be some confusion going around about the effect of the openssl issue on dsa keys. From what I understand, when using a DSA key and the random number used to generate a signature is known, predictable, or used twice the private key can be calculated. So it seems to me that if a DSA

Re: openssl/openssh fixes for lenny (testing)

2008-05-14 Thread Noah Meyerhans
On Wed, May 14, 2008 at 10:39:10AM -0700, Harry Edmon wrote: > Are there any plans to issue the same openssl/openssh security fixes for > lenny as have been done for etch? OpenSSL has already been fixed in lenny. The openssh package containing ssh-vulnkey should hit testing tomorrow at the lates

openssl/openssh fixes for lenny (testing)

2008-05-14 Thread Harry Edmon
Are there any plans to issue the same openssl/openssh security fixes for lenny as have been done for etch? -- Dr. Harry Edmon E-MAIL: [EMAIL PROTECTED] 206-543-0547 [EMAIL PROTECTED] Dept of Atmospheric Sciences FAX: 206-543-0308 Universi

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Jan Luehr
Hello, On Wednesday, 14 May 2008, Florian Weimer wrote: > Package: openssh > Vulnerability : predictable random number generator > Problem type : remote > Debian-specific: yes > CVE Id(s) : CVE-2008-0166 > > The recently announced vulnerability in Debian's openssl package > (DSA-

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Florian Weimer
* Sam Morris: > I agree it would be neat if someone with a powerful machine could > generate all possible keys. I don't know how long that would take > however... It's not so much a time issue, is a question of storage (or getting that data to the OpenSSH server). A networked service would be

openssl / x509 certs

2008-05-14 Thread Hr. Philip Rueegsegger
How can I check if a rsa key created by 'openssl genrsa ...' and its x509 certificate is vulnerable ? The utility ssh-vulnkey seems to only check ssh keys. Thanks in advance ! Cheers, Philip -- System Engineer Unix B | SOURCE Phone +41 44 712 65 14 Mobil

Re: leakage of keys?

2008-05-14 Thread Rene Mayrhofer
On Wednesday, 14 May 2008, Nicolas Rachinsky wrote: > Does this affect other protocols? ssl/ipsec/openvpn (with > certificates) IPSec: yes, most probably. To be sure when using open/strongswan, run rm /etc/ipsec.d/private/`hostname`Key.pem /etc/ipsec.d/certs/`hostname`Cert.pem dpkg-reconfigure (

leakage of keys?

2008-05-14 Thread Nicolas Rachinsky
Hello, http://wiki.debian.org/SSLkeys says | Additionally, some DSA keys may be compromised in the following situations: ... | * key generated with good openssl and used to ssh from a machine with bad ssl = bad Are really only DSA keys affected (i.e., RSA key generated with good openssl and used

dowkd.pl - how the blacklist data is generated ?

2008-05-14 Thread Alexandre Dulaunoy
Hi, For my understanding, the black list in the dowkd.pl is generated from the potential remaining entropy source which seems to be only the PID value added in the pool. Could we have some false negative[1] when running the dowkd script ? and would it be possible to have the source code of the "blac

Re: dowkd.pl via Package

2008-05-14 Thread Johannes Wiedersich
On 2008-05-14 12:53, Hideki Yamane wrote: > And if we would get it via package, when dowkd.pl is updated we can know > about it automatically (with apt-get :-) I guess ssh-vulnkey from the updated openssh packages might do what you ask for. HTH, Jo

Re: Re: dowkd.pl via Package

2008-05-14 Thread Hideki Yamane
Hi, > I expect thats what the dowkd.pl.gz.asc file is for. (see > http://wiki.debian.org/SSLkeys under "Testing keys using dowkd.pl") Yes, but all of users will do so? (I hope, but many of them will do that without checking, I think. They hear about this issue via /. or someone's blog or so, a

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread CaT
On Wed, May 14, 2008 at 12:17:14PM +0200, Jan Luehr wrote: > > 1. Install the security updates > > > >This update contains a dependency on the openssl update and will > >automatically install a corrected version of the libss0.9.8 package, > >and a new package openssh-blacklist. > > > >

Re: AW: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread José Santos
Wolf Tony wrote: | Hi, | | you only need to do | | aptitude install openssh-server | | or | | apt-get install openssh-server | | Best regards | | Tony Wolf | That worked fine. Thank you. Kind regards -- José Santos [EMAIL PROTECTED]

AW: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Wolf Tony
Hi, you only need to do aptitude install openssh-server or apt-get install openssh-server Best regards Tony Wolf -Original Message- From: Alvise Belotti [mailto:[EMAIL PROTECTED] Sent: Wednesday, 14 May 2008 12:20 To: José Santos Cc: debian-security@lists.debian.org Betre

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Jan Luehr
Hello, On Wednesday, 14 May 2008, Florian Weimer wrote: > Package: openssh > Vulnerability : predictable random number generator > Problem type : remote > Debian-specific: yes > CVE Id(s) : CVE-2008-0166 > 1. Install the security updates > >This update contains a dependency o

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Alvise Belotti
On 14 May 2008, at 11:02, José Santos wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > Florian Weimer wrote: > | > | Debian Security Advisory DSA-1576-1 [EMAIL PROTECTED] > | http://w

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread José Santos
Florian Weimer wrote: | | Debian Security Advisory DSA-1576-1 [EMAIL PROTECTED] | http://www.debian.org/security/ Florian Weimer | Ma

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Gerfried Fuchs
On Wednesday, 14.05.2008, at 09:35 +0200, Rene Mayrhofer wrote: > rm /etc/ssh/ssh_host_* > dpkg-reconfigure openssh-server > /etc/init.d/ssh restart FWIW, the dpkg-reconfigure openssh-server does the restart implicitly, you don't need to explicitly do a restart afterwards, again. > Who is curre

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Sam Morris
On Wed, 14 May 2008 07:59:58 +0200, Yves-Alexis Perez wrote: > On mar, 2008-05-13 at 23:39 -0300, Henrique de Moraes Holschuh wrote: >> >> It is probably worth a lot of effort to fully map the entire set of >> keys >> the broken openssl could generate, and find a very fast way to check if >> a ke

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Rene Mayrhofer
On Tuesday, 13 May 2008, Vincent Bernat wrote: > - As a maintainer of a package that have generated certificates using >OpenSSL, how should we handle the issue? I'm in the same situation (maintaining openswan and strongswan, and both packages may automatically create X.509 certificates in