25C3 - 1.4.2.3

25th Chaos Communication Congress
Nothing to hide

Referenten
Luciano Bello
Maximiliano Bertacchini
Programm
Tag Day 4 (2008-12-30)
Raum Saal 3
Beginn 12:45
Dauer 01:00
Info
ID 2995
Veranstaltungstyp lecture
Track Hacking
Sprache der Veranstaltung en
Feedback

Predictable RNG in the vulnerable Debian OpenSSL package

the What and the How

Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn).

We will talk about this bug (the speaker was the discoverer of this bug), its discovery and publication, its consequences, and exploitation. As well, we will demonstrate some exploitation tools.

Archived page - Impressum/Datenschutz