Cryptographic weakness on Debian systems

Posted May 13, 2008 18:49 UTC (Tue) by nix (subscriber, #2304)
In reply to: Cryptographic weakness on Debian systems by elanthis
Parent article: Cryptographic weakness on Debian systems

Even if those keys were compromised, that's OK. If the announcement is legitimate, then the fact that the keys are compromised is not problematic, because it was actually signed with the secret key. If it's *not* legitimate, and has been signed by a forger, then... why on earth would they tell us that the keys were weak, destroying their own strong point? (And if the message is forged and the sender is lying, being a nasty forger and all, well, er, a forger telling us that the keys are weak when they're actually *strong* seems really rather implausible.)

I'd worry much more about an announcement coming out of the blue saying `hey, our keys are OK, keep using them!' because that *is* an announcement that an attacker who'd nicked the keys might want to give out (if he wanted to make people like me suspicious, anyway).


Cryptographic weakness on Debian systems

Posted May 13, 2008 20:48 UTC (Tue) by man_ls (subscriber, #15091)

Maybe the keys are good, but the attacker wants to make you think you have to get new keys -- which he will somehow forge and supply to you. In this case you should scrutinize the ways to "sanitize" your supposedly bad keys. An example: (s)he has discovered a weak point in GPG keys, so a method to generate "good" SSL keys from "safe" GPG keys is really a way to generate "compromised" SSL keys from "unsafe" GPG keys.

It is a modern-day version of the old ploy where a fake detective comes and says: "here, your house is bugged, let me sanitize it for you", thus gaining your confidence and at the same time getting an excellent chance to install his own spying devices. You should watch him like a hawk.

On second thought, even if you follow the guy he may be clever enough to deploy spying devices even if you are watching him all the time. Or in our case: the GPG vulnerability may be subtle enough that it is hard to catch the attacker. I hope some really clever people are watching this story unfold.

Copyright © 2008, Eklektix, Inc.