Skip to: Site menu | Main content

How badly debian/ubunutu openssl is fscked up?

Executive Summary: BADLY!

At first I want to admit that this test may be silly but is fast and simple
All test were done on my Lenovo Z61p running recent Fedora9 – debian openssl was compiled from source

So, how to test what commenting out one line in openssl code changes?

Let’s generate some random numbers using openssl. Quick, dirty and lame solution:

$ for i in `seq 100000`; do ./openssl rand -base64 40 >> test; done 

and now quick check for randomness of this data:

$ wc -l test; cat test | sort| uniq -c | sort | tail   


Fedora openssl:

mag@viper:~$ wc -l test

100000 test   

mag@viper:~$ wc -l test; cat test | sort| uniq -c | sort | tail

100000 test

      1 ZzvfJF8Sh8s59kU+/hNoK8F4FfbyIoG7qY9NObjd24PwvMzm6CHuzw==

      1 ZZVN89z8LONs8nbk49enpEYbm47iZF8bFc0kvFwyEr0MzLuzOiQqQA==

      1 zZwbc+wuPBMCdR6gEXjkkaxrFF+Capaw8INv0DPhi8paqcTbvxX86w==

      1 ZZx1dP0xMsceZl9ozVeUvQgEP9AmE/56a+CgdIO8kCCDI6DdDTrxeA==

      1 zzxnavFvysTxniMWv+a0Rxyu1XtCZ2UZN5pVAB3b5FAtIZx+5EttqA==

      1 ZzyKbqW87iekJtK9niDu0FwKnR5ENXnKdKJFcCbNAp2qqEw9yrTn5A==

      1 zZZ9K7L4n7qKH5E5GYDaIZLchQvSn7e/g1FPL8SmZF+NW+1i3H3XRw==

      1 Zz/z9kwIDywXrxtrTNmWy9gFGGcass9k3g8fe8DTae3lCiAukILUtg==

      1 +zZ/ZKKqv5YQagg3HSpp2hLrFSuPIRRg0nDOEwZ2hf935Gk6zS7TFA==

      1 zZZwoogf3Ib5Xg9WMnMU/4IP2mbbvXhuecSnofxqscLg1QpA4R6N3g==   

Everything looks fine all seeds are unique, now debian openssl:

Debian openssl:

mag@viper:~/tmp/openssl-0.9.8g/apps$ wc -l test

100000 test   

mag@viper:~/tmp/openssl-0.9.8g/apps$ wc -l test; cat test | sort| uniq -c | sort | tail

100000 test

      4 zYgla7UVURkIGH9Bol2otXKSTYfr/NBIVZa/68FKeidHgbtSAIVNog==

      4 zYJLIAIxG8AMtrf6smNMsdZFBADCQPyuZHQTmGFWnJg6PwESLL2e8g==

      4 ZyKePqCM93yGcYkNxlHJ0/y7ZOhAEtXJyyi4H6JVzUcRpe+2zhJeZg==

      4 zyuCidG1FPJm8Ut4CshJvI5A+g3SDvmFZ4lIN+ESUCA/m8DU1aJ5ww==

      4 ZZbFf3M7R0Pl+VPkJD9TJzsqSVbgCxydAJVzS8f752pYfXCyzVNP1g==

      4 zzrbuvwbw8XN61Bygi8KEKMUI7qOVZmQmglJYua/Zp7dDFH/Z45mJQ==

      4 zztQ5wdvkWiwCIEJpkSvyqkrVgb32UccogSmZwNRlLH7ieIZvXU+/A==

      4 zZUGNwhNUFHCdkPnHFYW0ME1+MlFwSo3eb1rLOwjDfL5FyHHqvFQ4g==

      4 zZVYlHlCIH4XHveWvvWgES2AwHuhy3aiIQk2JvyE7T3VKdNCWZU9QA==

      4 zzZPx/Z5iE29WkCpTVKunmo102m4p3GYHzXZ6B/TRgKSUFkJScGVqA==  

Quick interpretation of results – first column is count of repeating seed. So in 100000 tries debian openssl random() generated 4 times same 40 byte string.
This was used for openssh/ssl/etc key generation…

Conclusion: debian openssl was UNABLE to generate random numbers AT ALL!

and nobody noticed :-/

I leave the rest to you, happy regenerating all CA and ssl certificates. I only wonder what if Verisign or other “trusted” company used this for main CA generation.

If you think something is terribly wrong with this test please comment

3 Responses to “How badly debian/ubunutu openssl is fscked up?”

  1. Larry Osterman's WebLog : More proof that crypto should be left to the experts Says:

    Kramer auto Pingback[...] [...]

  2. orlando Says:

    Thanks for the test. I ran it in my Ubuntu 7.10 and my keys are guessable by a 5 year old child.

    I can stop to wonder: how this can happen ? Please ban this guy Kurt Roeckx from Debian package maintenance and put him to beta test GUI interfaces. Please this guy must NOT TOUCH CRYPTOGRAPHIC SYTEM CORE/PERVASIVE CODE ANY MORE.

    We ( people that support community based distros ) must learn from this: any core /system wide code like this should be peer reviewed by the whole package maintenance team, and rigourous run-time testing should be mandated with a ( do-the test-or-not-commit-anything policy )

  3. An Exception to Every Rule : Dragons in the Algorithm Says:

    [...] everything done using the RNG on Debian or Ubuntu Linux is insecure because the keys are guessable. Everything! Any SSL connection made from such a machine. Any secure certificate signed by such a machine. And [...]

Leave a Reply