Debian 2008 keys bug
Posted Jan 8, 2021 23:55 UTC (Fri) by aaronmdjones (subscriber, #119973)
In reply to: Bootstrappable builds by dvdeug
Parent article: Bootstrappable builds
Posted Jan 9, 2021 2:11 UTC (Sat)
by plugwash (subscriber, #29694)
The key generation issue was awful, but at least you could recognise bad keys (Debian shipped a package "openssh-blacklist" for a long time because of this), but even worse was that traditional implementations of DSA use random numbers during the signature process and can leak bits of the key if that randomness is not sufficiently random.
This meant that any DSA key that had been merely used with the bad openssl had to be considered compromised. Since there was no way of detecting such keys, this led to a ban on the use of DSA keys on Debian's infrastructure (no idea if other organisations followed suit).
Debian was very fortunate that while it is theoretically possible to transfer keys between the gnupg world and the openssl/openssh/x509 world it was enough of a PITA that people very rarely did. So gnupg (which is the root of identity/trust in the Debian project) could still be considered safe.
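Added illustration, not part of either comment and not code from Debian, OpenSSL or OpenSSH: the simplest case of a DSA nonce that is not random enough is one that repeats, and the toy-sized check below shows why a key that has signed with such a nonce has to be treated as compromised. The group parameters, key, nonce, messages and function names are all constructed for this example.

```python
import hashlib

# Constructed toy group, far too small for real use: Q divides P - 1 and
# G has order Q modulo P. Real DSA uses the same algebra at full size.
P, Q, G = 607, 101, 64

def digest(msg):
    """SHA-256 of msg reduced into the toy group's range."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, k, h):
    """Textbook DSA signature (r, s) on digest h with key x and nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s

def audit(y, sigs):
    """Given public key y and (h, r, s) records, return the private key if
    two records share a nonce, else None."""
    seen = {}
    for h, r, s in sigs:
        h0, s0 = seen.setdefault(r, (h, s))
        if r == 0 or (s - s0) % Q == 0:
            continue  # first sighting, duplicate record, or invalid r
        # Same k in both: s - s0 = k^-1 * (h - h0), so k falls out, then x.
        k = (h - h0) * pow((s - s0) % Q, -1, Q) % Q
        x = (s * k - h) * pow(r, -1, Q) % Q
        if pow(G, x, P) == y:  # confirm against the public key
            return x
    return None

if __name__ == "__main__":
    x = 57                      # constructed private key
    y = pow(G, x, P)
    k = 33                      # the "random" nonce, wrongly used twice
    msgs = [b"release 1.0", b"release 1.1"]   # constructed messages
    sigs = [(digest(m), *sign(x, k, digest(m))) for m in msgs]
    print("key exposed:", audit(y, sigs) == x)
```

Nothing about the key pair itself is weak here; the exposure comes entirely from the signing step, which is why a list of known-bad public keys cannot flag it.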
Posted Jan 10, 2021 13:34 UTC (Sun)
by aaronmdjones (subscriber, #119973)
Back then, it did, yes. OpenSSH 6.5 (adding support for Ed25519 keys) didn't arrive for another 6 years, and OpenSSH 6.8 (allowing it to be built without OpenSSL) didn't arrive for another year after that. These days you can build it without, and then it will use urandom(4) [Linux, among others] or arc4random(3) [OpenBSD].