openssl

Open-Source Security Idiots

Digg Linux/Unix upcoming  Thu, 08/28/2008 - 10:39

Sometimes, people do such stupid things that words almost fail me. That’s the case with a Debian ‘improvement’ to OpenSSL that rendered this network security program next to useless in Debian, Ubuntu and other related Linux distributions.


 

Debian needs some serious commit review

Digg Linux/Unix upcoming  Fri, 07/11/2008 - 19:11

You’ve probably heard by now about the gaping hole in keys generated by Debian’s OpenSSL. If not, the summary is that your SSH keys and SSL certs were selected from a fixed pool of 2^15 (32,767) possibilities, and are thus easy to brute-force over the network.

If you have any keys generated on a Debian system, you need to immediately replace them or


 

Installing And Configuring ProFTPd with OpenSSL on Debian Etch

Debian-News.net  Fri, 05/30/2008 - 13:18

FTP has been the standard way to do this for as long as I can remember, so to make my server as useful as possible, installing an FTP server is a very important program.

For the purpose of my server I will be using ProFTPD.


 

Distribution Release: PelicanHPC 1.5.1

DistroWatch.com: News  Tue, 05/20/2008 - 10:20

Michael Creel has announced the release of PelicanHPC 1.5.1 (formerly ParallelKnoppix), a Debian-based live CD designed to make it simple to set up a high-performance computing cluster.

This update fixes the recent "predictable randomness" vulnerability in Debian's build of OpenSSL and all users are strongly encouraged to upgrade...


 

Linux gets security black eye

Topix - Linux  Fri, 05/16/2008 - 15:31

As has been widely reported, the maintainers of Debian's OpenSSL packages made some errors recently that have potentially compromised the security of any sshd-equipped system used remotely by Debian users.


 

Massive flaw in Debian Linux's Open SSL. Affects thousands.

Digg Linux/Unix upcoming  Fri, 05/16/2008 - 13:17

This is just a little more than an "oops" flaw. This is a huge mistake that WILL affect you Ubuntu users as well! "Moore documents the cause of the bug and explains how easily attackers can create every possible key the flawed OpenSSL implementation can generate."


 

Researcher: Debian cryptography may be flawed

Topix - Unix  Fri, 05/16/2008 - 07:33

A security researcher has warned that cryptographic keys generated in the last year and a half using Debian OpenSSL may be invalid.


 

Major Crypto Bug Cripples Ubuntu Linux Security

Topix - Linux  Thu, 05/15/2008 - 15:52

OpenSSL is a very important package that brought public key cryptography to the masses; prior to OpenSSL, https web sites were expensive and complicated to build.


 

With the Quickness: HD Moore sets new land speed record with...

Topix - Linux  Thu, 05/15/2008 - 00:43

So, for those who haven't heard, a Debian packager modified the source used for OpenSSL on Debian based systems to remove the seed used for PRNG used when creating SSL keys.


 

Weakness in OpenSSL on Debian and Ubuntu Discovered

Digg Linux/Unix upcoming  Wed, 05/14/2008 - 22:05

If you are using Debian or any other distro that's based on it (such as Ubuntu), you are advised to update, because a weakness was discovered in the random number generator used by OpenSSL.

To fix the problem, you will have to update the OpenSSL packages and regenerate any private keys made on Debian (Etch or newer) or Ubuntu 7.04 and higher.