Skip to: Site menu | Main content

How badly debian/ubunutu openssl is fscked up?

May 13th, 2008

Executive Summary: BADLY!

At first I want to admit that this test may be silly but is fast and simple
All test were done on my Lenovo Z61p running recent Fedora9 – debian openssl was compiled from source

So, how to test what commenting out one line in openssl code changes?

Let’s generate some random numbers using openssl. Quick, dirty and lame solution: 

$ for i in `seq 100000`; do ./openssl rand -base64 40 >> test; done

and now quick check for randomness of this data: 

$ wc -l test; cat test | sort| uniq -c | sort | tail

Results:

Fedora openssl:

mag@viper:~$ wc -l test

100000 test   

mag@viper:~$ wc -l test; cat test | sort| uniq -c | sort | tail

100000 test

      1 ZzvfJF8Sh8s59kU+/hNoK8F4FfbyIoG7qY9NObjd24PwvMzm6CHuzw==

      1 ZZVN89z8LONs8nbk49enpEYbm47iZF8bFc0kvFwyEr0MzLuzOiQqQA==

      1 zZwbc+wuPBMCdR6gEXjkkaxrFF+Capaw8INv0DPhi8paqcTbvxX86w==

      1 ZZx1dP0xMsceZl9ozVeUvQgEP9AmE/56a+CgdIO8kCCDI6DdDTrxeA==

      1 zzxnavFvysTxniMWv+a0Rxyu1XtCZ2UZN5pVAB3b5FAtIZx+5EttqA==

      1 ZzyKbqW87iekJtK9niDu0FwKnR5ENXnKdKJFcCbNAp2qqEw9yrTn5A==

      1 zZZ9K7L4n7qKH5E5GYDaIZLchQvSn7e/g1FPL8SmZF+NW+1i3H3XRw==

      1 Zz/z9kwIDywXrxtrTNmWy9gFGGcass9k3g8fe8DTae3lCiAukILUtg==

      1 +zZ/ZKKqv5YQagg3HSpp2hLrFSuPIRRg0nDOEwZ2hf935Gk6zS7TFA==

      1 zZZwoogf3Ib5Xg9WMnMU/4IP2mbbvXhuecSnofxqscLg1QpA4R6N3g==

Everything looks fine all seeds are unique, now debian openssl:

Debian openssl: 

mag@viper:~/tmp/openssl-0.9.8g/apps$ wc -l test

100000 test   

mag@viper:~/tmp/openssl-0.9.8g/apps$ wc -l test; cat test | sort| uniq -c | sort | tail

100000 test

      4 zYgla7UVURkIGH9Bol2otXKSTYfr/NBIVZa/68FKeidHgbtSAIVNog==

      4 zYJLIAIxG8AMtrf6smNMsdZFBADCQPyuZHQTmGFWnJg6PwESLL2e8g==

      4 ZyKePqCM93yGcYkNxlHJ0/y7ZOhAEtXJyyi4H6JVzUcRpe+2zhJeZg==

      4 zyuCidG1FPJm8Ut4CshJvI5A+g3SDvmFZ4lIN+ESUCA/m8DU1aJ5ww==

      4 ZZbFf3M7R0Pl+VPkJD9TJzsqSVbgCxydAJVzS8f752pYfXCyzVNP1g==

      4 zzrbuvwbw8XN61Bygi8KEKMUI7qOVZmQmglJYua/Zp7dDFH/Z45mJQ==

      4 zztQ5wdvkWiwCIEJpkSvyqkrVgb32UccogSmZwNRlLH7ieIZvXU+/A==

      4 zZUGNwhNUFHCdkPnHFYW0ME1+MlFwSo3eb1rLOwjDfL5FyHHqvFQ4g==

      4 zZVYlHlCIH4XHveWvvWgES2AwHuhy3aiIQk2JvyE7T3VKdNCWZU9QA==

      4 zzZPx/Z5iE29WkCpTVKunmo102m4p3GYHzXZ6B/TRgKSUFkJScGVqA==

Quick interpretation of results – first column is count of repeating seed. So in 100000 tries debian openssl random() generated 4 times same 40 byte string.
This was used for openssh/ssl/etc key generation…

Conclusion: debian openssl was UNABLE to generate random numbers AT ALL!

and nobody noticed :-/

I leave the rest to you, happy regenerating all CA and ssl certificates. I only wonder what if Verisign or other “trusted” company used this for main CA generation.

If you think something is terribly wrong with this test please comment

Posted in debian, software |
You can leave a response, or trackback from your own site.

11 Responses to “How badly debian/ubunutu openssl is fscked up?”

  1. Urdiendo Says:
    May 17th, 2008 at 3:29 pm

    links from Technorati(trata sobre las implicaciones del bug en otras distribuciones) Webs con herramientas: http://metasploit.com/users/hdm/tools/debian-openssl/http://www.securityfocus.com/archive/1/492112/30/0/threadedhttp://mag.entropy.be/blog/2008/05/13/how-badly-debianubunutu-openssl-is-fscked-up/(se puede ver el número de repeticiones de claves que hace openssl de una forma muy sencilla y rápida)

  2. Larry Osterman's WebLog : More proof that crypto should be left to the experts Says:
    May 14th, 2008 at 6:12 am

    Kramer auto Pingback[...] http://mag.entropy.be/blog/2008/05/13/how-badly-debianubunutu-openssl-is-fscked-up/ [...]

  3. orlando Says:
    May 14th, 2008 at 2:10 pm

    Thanks for the test. I ran it in my Ubuntu 7.10 and my keys are guessable by a 5 year old child.

    I can stop to wonder: how this can happen ? Please ban this guy Kurt Roeckx from Debian package maintenance and put him to beta test GUI interfaces. Please this guy must NOT TOUCH CRYPTOGRAPHIC SYTEM CORE/PERVASIVE CODE ANY MORE.

    We ( people that support community based distros ) must learn from this: any core /system wide code like this should be peer reviewed by the whole package maintenance team, and rigourous run-time testing should be mandated with a ( do-the test-or-not-commit-anything policy )

  4. Betting systems Says:
    July 9th, 2008 at 5:19 pm

    Nice blog,i will come back here everyday, greetings

  5. lsi Says:
    September 6th, 2008 at 9:05 pm

    thanks a lot for this nice web site. it would be better with other languages, bur thanks..

  6. An Exception to Every Rule : Dragons in the Algorithm Says:
    December 31st, 2008 at 10:54 pm

    [...] everything done using the RNG on Debian or Ubuntu Linux is insecure because the keys are guessable. Everything! Any SSL connection made from such a machine. Any secure certificate signed by such a machine. And [...]

  7. Luciano’s webpage » cryptographic apocalypse Says:
    April 18th, 2009 at 9:31 pm

    Kramer auto Pingback[...] test podria haber sido el siguiente ( extraido de http://mag.entropy.be/blog/2008/05/13/how-badly-debianubunutu-openssl-is-fscked-up [...]

  8. Alexandra Blackburn Says:
    July 24th, 2011 at 12:29 pm

    Good morning – good blog post Who knows is there a cheaper SMS message marketing service for stores @ California than 12stores.com? They only cost 9 dollars per 4 weeks which is not much, however l have 2 deliver three more alternatives for my pals.

  9. # Says:
    November 20th, 2011 at 3:20 am

    ” what’s more, it return with in your thoughts in regards to the morning I ran into my hubby.

  10. Canada Goose,Canada Goose Sale Says:
    December 22nd, 2011 at 3:32 am

    Concerning came in order to my final decision your heading inch

  11. apple xp themes Says:
    January 2nd, 2012 at 6:53 am

    heya things that are the websites like myspace web page.

Leave a Reply

« Previous:
Next: »