
Debian's worst nightmare - and how it came about

Opinion and Analysis

The Debian GNU/Linux project has just endured what is probably its worst week on the security front in the 15 years of its existence following the disclosure on May 13 of a serious vulnerability in the distribution's OpenSSL package.


In the days since, there has been scathing criticism, some thoughtful analysis and quite a bit of discussion, both within and outside the project, about the how and why of the vulnerability.

(Disclosure: I have been a Debian user for the last eight years and currently run the AMD64, x86 and MIPS ports of the distribution).

What made the situation even worse was the fact that the bug was introduced as a result of a Debian-specific change made in September 2006.

This change made the output of the random number generator in the OpenSSL package predictable. Key generation was limited to about 32,000 unique keys, a rather small space when it comes to brute-force searches.

OpenSSL can use uninitialised memory as a potential source of entropy/randomness, which the valgrind memory management profiler reports as improper use; the change introduced by the Debian developer removed two lines of code, his intention being that the profiler would stop complaining about the use of uninitialised memory.

While this was achieved, the removal of the second line also removed all sources of entropy apart from the process ID, which limited the number of unique keys to the figure given above.
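The effect can be modelled in a few lines. The Python sketch below is an added example, not code from OpenSSL or Debian: `weak_keygen` is a hypothetical toy generator whose only input is the process ID, and the PID range of 1 to 32767 is an assumption (the Linux default). It shows why the key space collapses and how an administrator can flag affected keys by comparing fingerprints against the complete set the generator can produce.

```python
import hashlib
import os

# Assumption: default Linux PID range (kernel.pid_max = 32768), so PIDs 1..32767.
PID_MAX = 32768

def weak_keygen(pid: int, nbytes: int = 16) -> bytes:
    """Toy model of the flawed generator: the PID is the only value mixed in."""
    return hashlib.sha256(b"toy-pool:" + pid.to_bytes(4, "big")).digest()[:nbytes]

def sound_keygen(nbytes: int = 16) -> bytes:
    """Reference generator seeded by the operating system's entropy source."""
    return os.urandom(nbytes)

def fingerprint(key: bytes) -> str:
    """Short identifier for a key, as an audit tool would record it."""
    return hashlib.sha256(key).hexdigest()[:20]

def build_weak_fingerprints() -> frozenset:
    """Every key the toy generator can ever emit: one per possible PID."""
    return frozenset(fingerprint(weak_keygen(pid)) for pid in range(1, PID_MAX))

def audit(inventory: dict, weak: frozenset) -> list:
    """Return the names of inventory entries whose key is in the weak set."""
    return sorted(n for n, k in inventory.items() if fingerprint(k) in weak)

def sample_inventory() -> dict:
    """Constructed sample data: two keys from the toy generator, one sound key."""
    return {
        "web01": weak_keygen(4242),
        "mail01": weak_keygen(31337),
        "db01": sound_keygen(),
    }

if __name__ == "__main__":
    weak = build_weak_fingerprints()
    print("distinct keys the toy generator can produce:", len(weak))
    print("hosts needing new keys:", audit(sample_inventory(), weak))
```

Any key flagged by such a check has to be regenerated on a fixed system; patching the generator does not repair keys that were already issued.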

There are a few things to be noted here. The Debian developer in question, Kurt Roeckx, sent a message to the openssl-dev mailing list on May 1, 2006, titled "Random number generator, uninitialised memory and valgrind", proposing the changes which he wanted to make - the commenting out of the two lines of code. He also mentioned that he had no idea what effect this would have on the random number generator.

(It must be noted that the two lines of code were similar - and the removal of the first actually did away with mixing uninitialised memory into the pool. The developer assumed that the second occurrence performed the same function as the first and removed it as well. That caused the problem. Neither line of code was commented in the original source.)

In reply, OpenSSL developer Ulf Moller said that if it helped with debugging, he was in favour of removing the two lines.