[Box Backup] New openssl packages fix predictable random number generator
Kenny Millington
boxbackup@fluffy.co.uk
Thu, 15 May 2008 09:27:44 +0100
Hi,
Disclaimer: I'm about to talk about stuff I don't entirely understand...
but it's a discussion right.. ;)
> That said, Box Backup uses the raw output from the prng, not the
> generated .pem files, so the FileEncKeys.raw should be considerably more
> secure - the raw data has a SHA-1 hash mixed in after all, and
> collisions in SHA-1 in this context only means that two keys have a
> finite and very small possibility of ending up the same, and they could
> conceivably do that even on a non-Debian system.
Ok, so my (probably limited) understanding is that the weakness is due
to poor random number generator seeding, such that the seed comes from a very
limited space (maybe just the PID).
I'm guessing this from the fact that ssleay_rand_seed() only calls the
bugged "ssleay_rand_add()" function. So if the seeding is poor/weak,
surely (or not) that would mean the seeds were guessable (maybe just the
PID), and then surely it'd be trivial to iterate over all the possible seeds,
generating the streams of prng output until the generated output is able
to decrypt data in the store?
It's reported on the appropriate Debian wiki[1] page that the bugged
libssl was only generating 2^15 unique keys - if this was exclusively
due to poor prng seeding then I would expect boxbackup data encryption
keys to have the same problem.
(If that makes no sense I refer you to my disclaimer above... ;))
> A regeneration of FileEncKeys.raw after upgrading OpenSSL to the latest
> version should be considered by all Debian and -derivative users though.
Indeed.
> Oh my! Now it's me who am going to get shot...
I think it's probably both of us...
[1] http://wiki.debian.org/SSLkeys
--
Kenny Millington
Systems Developer
kenny.millington@3ait.co.uk
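The point under discussion, as an added illustration that is not code from Box Backup or OpenSSL: if the only entropy reaching the pool is the PID, then the SHA-1 mixing in the output path changes nothing about the size of the key space, which collapses to the number of possible PIDs. This is a toy model of the seeding bug (a hash-based pool stretched with SHA-1, PIDs 1..32767); the function and variable names are the model's own, not OpenSSL's.

```python
import hashlib
import math
import os

PID_MAX = 2 ** 15  # pid_max default of the era: PIDs 1..32767 (assumption of the model)


def _stretch(pool: bytes, nbytes: int) -> bytes:
    """Expand a pool into output the way a hash-based PRNG does: repeated
    SHA-1 over pool || counter. Hashing cannot add entropy the pool never had."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha1(pool + counter.to_bytes(4, "little")).digest()
        counter += 1
    return out[:nbytes]


def weak_key(pid: int, nbytes: int = 32) -> bytes:
    """Model of the broken seeding: with the add-entropy path neutered, the only
    varying input to the pool is the process ID, so the key is a pure function
    of the PID. (Model only, not OpenSSL's real state machine.)"""
    return _stretch(pid.to_bytes(4, "little"), nbytes)


def proper_key(pid: int, seed: bytes, nbytes: int = 32) -> bytes:
    """Correct seeding: real entropy (e.g. from /dev/urandom) is mixed in
    alongside the PID, so the same PID no longer implies the same key."""
    return _stretch(seed + pid.to_bytes(4, "little"), nbytes)


def weak_key_blacklist(nbytes: int = 32) -> set:
    """Every key the weak generator can ever emit, one per possible PID.
    A blacklist like this is how a defender can flag keys that need regenerating."""
    return {weak_key(pid, nbytes) for pid in range(1, PID_MAX)}


def effective_entropy_bits(keys) -> float:
    """log2 of the number of distinct keys actually observed."""
    return math.log2(len(set(keys)))


def is_weak(key: bytes, blacklist: set) -> bool:
    return key in blacklist


if __name__ == "__main__":
    bl = weak_key_blacklist()
    print("distinct weak keys:", len(bl), "->", round(effective_entropy_bits(bl), 3), "bits")
    print("properly seeded key flagged weak?", is_weak(proper_key(1234, os.urandom(20)), bl))
```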