[Box Backup] New openssl packages fix predictable random number generator
Kenny Millington
boxbackup@fluffy.co.uk
Wed, 14 May 2008 22:29:44 +0100
Hi,

> By letting OpenSSL generate 1024 random characters. It's the 'openssl
> rand -out <idnumber>-FileEncKeys.raw 1024' command that is used.

Ah! That could be a problem then... (having checked by asking on
#debian) "openssl rand ..." was also affected by the problem reported in the
Debian Security Advisory.

This means that if any data encryption keys were generated on vulnerable
hosts they need to be regenerated or the data cannot be considered
secure (given the amount of entropy that would have been used).

So, um, don't shoot the messenger! :o)

--
Kenny Millington
Systems Developer
kenny.millington@3ait.co.uk
3aIT Limited - Official Corporate Sponsor of the British Bobsleigh Team
4-10 Barttelot Rd Horsham West Sussex RH12 1DQ
CoReg: 3866698 VATReg: 771388600
T: +44 (0)870 881 5097 F: +44 (0)870 116 0793
Visit www.3aIT.co.uk for Design, Systems, Support