[LUAU] Fwd: Bad Random Number Generator

Julian Yap julian_yap at yahoo.com
Wed May 21 02:01:06 PDT 2008


Reading more, this is a pretty scary bug.

Here is a link to the original security advisory:
http://www.us.debian.org/security/2008/dsa-1571

The detection tool was kinda tricky to figure out how to use so
more info is here:
http://wiki.debian.org/SSLkeys#head-45e521140d6b8f2a0f96a115a5fc616c4f1baf0b

So running the detection script, using myself as an example, you
want to see something like this:
$ perl dowkd.pl user
notice: creating database, please wait
/home/me/.ssh/known_hosts:1: 2048 bits DSA key not recommended
/home/me/.ssh/known_hosts:9: 2048 bits DSA key not recommended
/home/me/.ssh/known_hosts:10: 2048 bits DSA key not recommended
/home/me/.ssh/known_hosts:36: 2048 bits DSA key not recommended
/home/me/.ssh/known_hosts:90: 512 bits DSA key not recommended
/home/me/.ssh/known_hosts:93: 2048 bits DSA key not recommended
/home/me/.ssh/known_hosts:97: 2048 bits DSA key not recommended
summary: keys found: 99, weak keys: 0

A good write-up here as well:
http://metasploit.com/users/hdm/tools/debian-openssl/

- Julian

--- Peter Besenbruch <prb at lava.net> wrote:
> On Tuesday 13 May 2008 13:07:47 David Kiwerski wrote:
> > Interesting - I just upgraded my Mepis on this machine with an ssh/ssl
> > update. Is the update no good?
> 
> Debian usually announces the updates several days after actually posting them.
> If you use Synaptic, it's easy to check the changelog of the package.
> -- 
> Hawaiian Astronomical Society: http://www.hawastsoc.org
> HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
> 
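An added example, not part of the original post and not part of dowkd.pl: a small Python triage of the tool's output that separates the "DSA key not recommended" notes from actual weak-key hits and checks them against the summary line. The `weak key` message text, the function names and the sample input are assumptions; the sample is constructed.

```python
import re

# Per-key finding: "<file>:<line>: <message>", as in the output quoted in the post.
FINDING = re.compile(r"^(?P<path>.+?):(?P<line>\d+): (?P<msg>.+)$")
SUMMARY = re.compile(r"^summary: keys found: (\d+), weak keys: (\d+)$")

# Constructed sample output (not from a real run).
SAMPLE = """\
notice: creating database, please wait
/home/me/.ssh/known_hosts:1: 2048 bits DSA key not recommended
/home/me/.ssh/known_hosts:90: 512 bits DSA key not recommended
/home/me/.ssh/authorized_keys:2: weak key
summary: keys found: 12, weak keys: 1
"""

def parse_dowkd(text):
    """Split the output into weak keys, other per-key notes and the summary."""
    weak, notes, summary = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
            continue
        m = FINDING.match(line)
        if not m:
            continue  # banner lines such as "notice: creating database, please wait"
        entry = (m.group("path"), int(m.group("line")), m.group("msg"))
        # Assumption: blacklisted keys are reported with a message starting "weak key".
        (weak if entry[2].startswith("weak key") else notes).append(entry)
    return {"weak": weak, "notes": notes, "summary": summary}

def triage(text):
    """0 = no weak keys, 1 = weak keys to replace, 2 = output incomplete or inconsistent."""
    result = parse_dowkd(text)
    if result["summary"] is None or result["summary"][1] != len(result["weak"]):
        return 2
    return 1 if result["weak"] else 0

if __name__ == "__main__":
    for path, line, msg in parse_dowkd(SAMPLE)["weak"]:
        print(f"replace key at {path}:{line} ({msg})")
    raise SystemExit(triage(SAMPLE))
```

Status 2 covers the case where the output was cut off before the summary line, so a missing summary is never read as "no weak keys".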