Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


Debian OpenSSL Vulnerability and Diffie Hellman keyExchange

The Debian version of the OpenSSL library was the subject of a security breach discovered in late May 2008 generated keys from a much smaller entropy pool than normal.
Read it here


The worst part of this vulnerability is that if you are using distributions other than debian and ubuntu and say i am secure then its not true…because its the nature of diffie hellman keyexchange.

Let me explain this,lets say an vulnerable ubuntu host X exchanges keys with a clean fedora host Y using diffie hellman keyexchange. Even though the fedora is not vulnerable there are chances that secret key exchanged between fedora and ubuntu can be compromised,because an attacker can make a guess on vulnerable ubuntu's secret key 'a' using A(which is easily guessable because of vulnerable openssl ubuntu) .

No Response to “Debian OpenSSL Vulnerability and Diffie Hellman keyExchange” »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.