Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


 

Debian OpenSSL Vulnerability and Diffie-Hellman Key Exchange

The Debian version of the OpenSSL library was the subject of a security breach discovered in late May 2008: it generated keys from a much smaller entropy pool than normal.
Read it here

Quote:

The worst part of this vulnerability is that if you are using distributions other than Debian and Ubuntu and say "I am secure", then it's not true… because it's the nature of Diffie-Hellman key exchange.

Let me explain this. Let's say a vulnerable Ubuntu host X exchanges keys with a clean Fedora host Y using Diffie-Hellman key exchange. Even though the Fedora host is not vulnerable, there are chances that the secret key exchanged between Fedora and Ubuntu can be compromised, because an attacker can make a guess at the vulnerable Ubuntu host's secret key 'a' using A (which is easily guessable because of the vulnerable OpenSSL on Ubuntu).
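The following is an added illustration, not part of the quoted post or of OpenSSL: it models the exchange between hosts X and Y to show why the session secret is only as strong as the weaker side's private value. The small prime, the generator, and the constructed weak generator with a 2^15 seed space are assumptions chosen so the demo runs quickly; they are not the real Debian PRNG or a real DH group.

```python
import hashlib
import secrets

# Toy group for illustration only; real deployments use groups of 2048+ bits.
P = 2**127 - 1
G = 3
SEED_SPACE = 2**15  # assumption: the weak generator has only 32768 states


def weak_private_key(seed):
    """Constructed stand-in for a flawed RNG: key is a function of a tiny seed."""
    digest = hashlib.sha256(b"constructed-weak-rng:%d" % seed).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 1


def strong_private_key():
    """Healthy host: key drawn from the operating system CSPRNG."""
    return secrets.randbelow(P - 3) + 2


def public_value(private_key):
    return pow(G, private_key, P)


def shared_secret(own_private, peer_public):
    return pow(peer_public, own_private, P)


def recover_private_from_public(observed_public):
    """Check a public value against every key the weak generator can emit."""
    for seed in range(SEED_SPACE):
        candidate = weak_private_key(seed)
        if public_value(candidate) == observed_public:
            return candidate
    return None


def run_exchange(weak_seed=12345):
    a = weak_private_key(weak_seed)   # host X, weak generator
    b = strong_private_key()          # host Y, sound generator
    A, B = public_value(a), public_value(b)
    session = shared_secret(b, A)     # the secret Y believes is private
    # Only A and B, both visible on the wire, are used from here on.
    guessed_a = recover_private_from_public(A)
    observer = shared_secret(guessed_a, B) if guessed_a is not None else None
    y_value_resists = recover_private_from_public(B) is None
    return session, observer, y_value_resists
```

The same enumeration doubles as a defensive check: a host can test a peer's public value against the known weak set and refuse the exchange, which is the idea behind the weak-key blacklists shipped after the disclosure.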


Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.