[ILUG] Ubuntu/Debian OpenSSL question
James McCarthy
James.McCarthy at Sun.COM
Sat May 24 00:18:57 IST 2008
I guess I could have been more specific: OpenSSL is the default SSL
implementation on most Linux boxen (AFAIK), although I have to say I
didn't know OpenSSH (default ssh on Linux boxen again) used SSL; I
always thought the OpenBSD guys only used their own tools when it came
to encryption.
David Golden wrote:
> On Friday 23 May 2008, James McCarthy wrote:
>
>> It is my understanding that Ubuntu disc encryption is provided by
>> dm-crypt, which makes use of crypto api in the Linux kernel. And does
>> not use anything from OpenSSL, meaning the flaw announced is not
>> applicable?
>>
>
> Well, it's almost certainly not applicable, but your phrasing is a bit
> loose, hinging on what you understand by "from OpenSSL":
>
> Any ssh or ssl keypairs generated by ("from"...) the debian-mangled
> OpenSSL are weak. Stuff secured with such a keypair is at risk -
> doesn't matter if it's not using openssl at runtime, doesn't matter if
> it's not running on debian/debianoids.
>
> HOWEVER, you don't usually use such keypairs in any part of a dm-crypt
> setup. :-)
>
> You could have gone out of your way to involve openssl... but you'd
> almost certainly know it if you had:
> http://www.debian.org/security/key-rollover/#cryptsetup
>
--
- James McCarthy
Software Engineer
Solaris PIT Group
Sun Microsystems Ireland.
--------------------------
Phone: +353-1-8119283
Email: james.mccarthy at sun.com
Blog: http://blogs.sun.com/breakdown
--------------------------