Another consequence of the Debian OpenSSL security bug

October 1, 2008

Here is another consequence of the Debian OpenSSL security bug that I did not hear about (or realize) until recently: it lets an attacker steal any of your SSL certificates that were created with the broken (weak) OpenSSL versions. This includes signed certificates, with all that that entails.

How the attacker does it is simple. They get your actual certificate simply by connecting to your SSL-protected service (such as your website); the SSL protocol exchange necessarily sends them a copy of your certificate, complete with the signature of your CA. To get your private key, they just do a brute force search; there are only a few tens of thousands of possibilities. (Or they check to see if someone has already pregenerated a list of the vulnerable private/public key pairs of an appropriate bit length.)

Part of the unpleasant nature of this is that it is an entirely passive attack, at least if your SSL website or service is exposed to the open Internet. How paranoid you should be as a result of this if you had a vulnerable, signed SSL certificate is up to you.

(Locally, we missed being deeply affected by a fairly small margin; while we use Ubuntu a lot, only a few research groups had installed anything more recent than Ubuntu 6.06, and 6.06 was just early enough that it wasn't vulnerable.)

As it turns out, this isn't just a theoretical issue; Akamai had a weak key for some of their own servers and some customers, as was discovered shortly after the initial public notice of the bug. (Yes, I'm late to this particular party.)

Written on 01 October 2008.
« The consequences of your SSL certificate getting compromised
Arranging your SSL websites for very cautious people »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Oct 1 23:56:40 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.