
How badly debian/ubuntu openssl is fscked up?

Executive Summary: BADLY!

First, I want to admit that this test may be silly, but it is fast and simple.
All tests were done on my Lenovo Z61p running a recent Fedora 9 – the Debian openssl was compiled from source.

So, how to test what commenting out one line in openssl code changes?

Let’s generate some random numbers using openssl. Quick, dirty and lame solution:

$ for i in `seq 100000`; do ./openssl rand -base64 40 >> test; done 

and now quick check for randomness of this data:

$ wc -l test; cat test | sort| uniq -c | sort | tail   


Fedora openssl:

mag@viper:~$ wc -l test

100000 test   

mag@viper:~$ wc -l test; cat test | sort| uniq -c | sort | tail

100000 test

      1 ZzvfJF8Sh8s59kU+/hNoK8F4FfbyIoG7qY9NObjd24PwvMzm6CHuzw==

      1 ZZVN89z8LONs8nbk49enpEYbm47iZF8bFc0kvFwyEr0MzLuzOiQqQA==

      1 zZwbc+wuPBMCdR6gEXjkkaxrFF+Capaw8INv0DPhi8paqcTbvxX86w==

      1 ZZx1dP0xMsceZl9ozVeUvQgEP9AmE/56a+CgdIO8kCCDI6DdDTrxeA==

      1 zzxnavFvysTxniMWv+a0Rxyu1XtCZ2UZN5pVAB3b5FAtIZx+5EttqA==

      1 ZzyKbqW87iekJtK9niDu0FwKnR5ENXnKdKJFcCbNAp2qqEw9yrTn5A==

      1 zZZ9K7L4n7qKH5E5GYDaIZLchQvSn7e/g1FPL8SmZF+NW+1i3H3XRw==

      1 Zz/z9kwIDywXrxtrTNmWy9gFGGcass9k3g8fe8DTae3lCiAukILUtg==

      1 +zZ/ZKKqv5YQagg3HSpp2hLrFSuPIRRg0nDOEwZ2hf935Gk6zS7TFA==

      1 zZZwoogf3Ib5Xg9WMnMU/4IP2mbbvXhuecSnofxqscLg1QpA4R6N3g==   

Everything looks fine: all seeds are unique. Now the Debian openssl:

Debian openssl:

mag@viper:~/tmp/openssl-0.9.8g/apps$ wc -l test

100000 test   

mag@viper:~/tmp/openssl-0.9.8g/apps$ wc -l test; cat test | sort| uniq -c | sort | tail

100000 test

      4 zYgla7UVURkIGH9Bol2otXKSTYfr/NBIVZa/68FKeidHgbtSAIVNog==

      4 zYJLIAIxG8AMtrf6smNMsdZFBADCQPyuZHQTmGFWnJg6PwESLL2e8g==

      4 ZyKePqCM93yGcYkNxlHJ0/y7ZOhAEtXJyyi4H6JVzUcRpe+2zhJeZg==

      4 zyuCidG1FPJm8Ut4CshJvI5A+g3SDvmFZ4lIN+ESUCA/m8DU1aJ5ww==

      4 ZZbFf3M7R0Pl+VPkJD9TJzsqSVbgCxydAJVzS8f752pYfXCyzVNP1g==

      4 zzrbuvwbw8XN61Bygi8KEKMUI7qOVZmQmglJYua/Zp7dDFH/Z45mJQ==

      4 zztQ5wdvkWiwCIEJpkSvyqkrVgb32UccogSmZwNRlLH7ieIZvXU+/A==

      4 zZUGNwhNUFHCdkPnHFYW0ME1+MlFwSo3eb1rLOwjDfL5FyHHqvFQ4g==

      4 zZVYlHlCIH4XHveWvvWgES2AwHuhy3aiIQk2JvyE7T3VKdNCWZU9QA==

      4 zzZPx/Z5iE29WkCpTVKunmo102m4p3GYHzXZ6B/TRgKSUFkJScGVqA==  

Quick interpretation of the results: the first column is the number of times a seed repeats. So in 100000 tries, the Debian openssl random() generated the same 40-byte string 4 times.
This was used for openssh/ssl/etc key generation…

Conclusion: debian openssl was UNABLE to generate random numbers AT ALL!

and nobody noticed :-/

I leave the rest to you; happy regenerating of all CA and SSL certificates. I only wonder what would happen if Verisign or another “trusted” company had used this for main CA generation.

If you think something is terribly wrong with this test, please comment.
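
The duplicate check from this post, wrapped as a reusable function (an added example, not part of the original post). It also reports log2 of the number of distinct samples, a lower bound on how many bits actually varied between runs; `weak_samples` is a constructed stand-in generator (hypothetical, not OpenSSL code) used only to produce sample input.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input: a file with one RNG sample per line, such as the `test` file
# produced by repeated `openssl rand -base64 40` runs.

# dup_report FILE
# Prints: total=N distinct=D max_repeat=M est_bits=B
#   est_bits = log2(distinct), a floor on the bits of state that varied.
# Returns 1 if any sample occurs more than once, 0 otherwise.
dup_report() {
    LC_ALL=C awk '
        NF { count[$0]++; total++ }          # skip empty lines
        END {
            for (s in count) {
                distinct++
                if (count[s] > max) max = count[s]
            }
            bits = (distinct > 0) ? log(distinct) / log(2) : 0
            printf "total=%d distinct=%d max_repeat=%d est_bits=%.1f\n",
                   total, distinct, max, bits
            exit (max > 1)
        }' "$1"
}

# weak_samples RUNS SPACE
# Constructed model of a generator whose only varying input is a small
# counter: the output of run i depends solely on (i mod SPACE).
# Hypothetical stand-in for demonstration, not OpenSSL code.
weak_samples() {
    i=0
    while [ "$i" -lt "$1" ]; do
        printf 'seed-%d\n' $(( i % $2 )) | cksum
        i=$(( i + 1 ))
    done
}

# Stand-alone use: ./dup_report.sh test
if [ "$#" -gt 0 ]; then
    dup_report "$1"
fi
```

When every sample is unique, est_bits only reflects the sample count, so treat it as a floor rather than a measurement of the generator's strength. A non-zero exit status makes the check usable as a gate in a package build or test run.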

6 Responses to “How badly debian/ubuntu openssl is fscked up?”

  1. Larry Osterman's WebLog : More proof that crypto should be left to the experts Says:

    Kramer auto Pingback[...] [...]

  2. orlando Says:

    Thanks for the test. I ran it in my Ubuntu 7.10 and my keys are guessable by a 5 year old child.

    I can stop to wonder: how this can happen? Please ban this guy Kurt Roeckx from Debian package maintenance and put him to beta test GUI interfaces. Please this guy must NOT TOUCH CRYPTOGRAPHIC SYSTEM CORE/PERVASIVE CODE ANY MORE.

    We (people that support community based distros) must learn from this: any core/system wide code like this should be peer reviewed by the whole package maintenance team, and rigorous run-time testing should be mandated with a (do-the-test-or-not-commit-anything policy)

  3. An Exception to Every Rule : Dragons in the Algorithm Says:

    [...] everything done using the RNG on Debian or Ubuntu Linux is insecure because the keys are guessable. Everything! Any SSL connection made from such a machine. Any secure certificate signed by such a machine. And [...]

  4. Patricia Says:

    Thanks for the update. What really needs to be improved however, is the notification settings it is very hard to know when you have a new IM if you’re not sitting at your computer. It would be nice to be able to have the message stay on top of other windows until it is clicked on something to make it more visible. Also, the sounds are really bad, and there needs to be more options for notification sounds, etc. The tick-tick-tick isn’t intuitive and it would be nice to have sounds and visual interface more in line with what the big IM’s are using (MSN, AOL, Skype).

  5. Says:

    I have had a look now. At the back, next to the power connector, there is a button. If you hold it down for longer than 1-2 seconds, you get into the time-setting mode. Now you can switch between hours and minutes with the SET button and adjust the time with the volume buttons. Pressing the SET button again ends the time setting. Good luck!

  6. สาย aux ราคา Says:

    We absolutely love your blog and find most of your posts to be what precisely I’m looking for.
    Does one offer guest writers to write content for you personally?
    I wouldn’t mind creating a post or elaborating on many of the subjects you write concerning here.
    Again, awesome web log!
