Found this recently, not sure about SSL and Apache web servers, but a hacker has already announced a key exploit for this issue to be used as a security device:
Quote
Back in May 2006, a few programmers working on an open-source security project made a whopper of a mistake. Last week, the full impact of that mistake was just beginning to dawn on security professionals around the world.
In technical terms, a programming error reduced the amount of entropy used to create the cryptographic keys in a piece of code called the OpenSSL library, which is used by programs like the Apache Web server, the SSH remote access program, the IPsec Virtual Private Network (VPN), secure e-mail programs, some software used for anonymously accessing the Internet, and so on.
The error doesn't give every computer the same cryptographic key--that would have been caught before now. Instead, it reduces the number of different keys that these Linux computers can generate to 32,767 different keys, depending on the computer's processor architecture, the size of the key, and the key type.
Less than a day after the vulnerability was announced, computer hacker HD Moore of the Metasploit project released a set of "toys" for cracking the keys of these poor Linux and Ubuntu computer systems. As of Sunday, Moore's website had downloadable files of precomputed keys, just to make it easier to identify vulnerable computer systems.
From:
http://www.technologyreview.com/Infotech/20801/page1/
Here is the cracking software website/blog:
http://blogs.zdnet.com/security/?p=1102
Quote
This will generate a new OpenSSH 1024-bit DSA key with the value of getpid() always returning the number "1". We now have our first pre-generated SSH key. If we continue this process for all PIDs up to 32,767 and then repeat it for 2048-bit RSA keys, we have covered the valid key ranges for x86 systems running the buggy version of the OpenSSL library. With this key set, we can compromise any user account that has a vulnerable key listed in the authorized_keys file. This key set is also useful for decrypting a previously-captured SSH session, if the SSH server was using a vulnerable host key. Links to the pregenerated key sets for 1024-bit DSA and 2048-bit RSA keys (x86) are provided in the downloads section below.
Even 4,000+ bit keys are affected:
Q: How long does it take to crack an SSH user account using these keys?
A: This depends on the speed of the network and the configuration of the SSH server. It should be possible to try all 32,767 keys of both DSA-1024 and RSA-2048 within a couple hours, but be careful of anti-brute-force scripts on the target server.
Q: I use 16384-bit RSA keys, can these be broken?
A: Yes, it's just a matter of time and processing power. For mere mortals, 4096-bit keys are already a little on the paranoid side. All possible 4096-bit keys should be available within the next day or so. It is possible to generate all combinations of 8192-bit and 16384-bit keys, but I probably have better uses for my processors
Hmm...well, it would seem that there is a whole generation of keys created in the last two years that will have to be regenerated after the patch/update has been installed in a vast array of Debian and Ubuntu and Knoppix systems.
*Edited to add: this is a larger breach than I had thought at first. In chatting with a Linux guy, this means that EVERY Debian and Ubuntu key that has been generated over the last two years is now compromised. With Ubuntu making such a strong push, this literally could ripple around the world and affect a vast array of systems.
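For admins who need to find which accounts still trust one of these keys, here is an added example (not part of the original post or the quoted articles) that audits an authorized_keys file against a set of known-weak key fingerprints. The sample keys and the blocklist are constructed placeholders; a real blocklist would hold the fingerprints of the precomputed keys mentioned in the quotes.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # the RSA and DSA key types the post mentions

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(blob_b64, validate=True)  # raises ValueError on junk
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (type, blob, comment), or None for blank, comment or unknown lines.
    A line may begin with an options field, so search for the key-type token."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:
            return tok, fields[i + 1], " ".join(fields[i + 2:])
    return None

def audit(text, blocklist):
    """Return [(line_no, comment, fingerprint)] for keys found in the blocklist."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        try:
            fp = fingerprint(parsed[1])
        except ValueError:
            continue  # not valid base64; leave for manual review
        if fp in blocklist:
            hits.append((no, parsed[2], fp))
    return hits

# Constructed sample data: placeholder blobs, not real keys.
WEAK = base64.b64encode(b"constructed-weak-key-blob").decode()
GOOD = base64.b64encode(b"constructed-good-key-blob").decode()
SAMPLE = ("# constructed authorized_keys\n"
          f'command="echo hi" ssh-dss {WEAK} alice@old-laptop\n'
          f"ssh-rsa {GOOD} bob@workstation\n")
BLOCKLIST = {fingerprint(WEAK)}  # placeholder for a real weak-key fingerprint list

if __name__ == "__main__":
    for no, comment, fp in audit(SAMPLE, BLOCKLIST):
        print(f"line {no}: {comment} uses a known-weak key ({fp})")
```

Any key this flags has to be removed from authorized_keys and regenerated on a patched system; updating the library alone does not fix keys that already exist.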