The consequences of the Debian OpenSSL compromise

December 26, 2008

Although this is rather behind the times, I don't think I've seen the practical consequences of the Debian OpenSSL vulnerability written down clearly and in one place. So here is my list, concentrating on SSH and SSL certificates:

  • SSH host keys and personal SSH keys generated on a vulnerable system are entirely compromised.
  • OpenSSL generated SSL certificates are compromised. This especially includes signed certificates used on public websites; if this applies to you, get ready to explore the marvelous world of certificate compromises.
  • any SSH DSA key used from a vulnerable machine could have been compromised.

  • pretty much any SSH session involving a vulnerable machine (on either end) can be decrypted by an attacker, because of how SSH does encryption. It is important to understand that this has nothing to do with whether or not you are using vulnerable keys and either end can destroy the effectiveness of the session encryption.

  • even with uncompromised SSL certificates, some SSL sessions involving a vulnerable machine (on either end) can be decrypted. Affected sessions are those using SSL forward secrecy.
  • I believe that most sessions not using SSL forward secrecy can be decrypted if they involve a compromised SSL certificate, regardless of whether the session involves any vulnerable machines.

Or in short: even if you are not using bad keys or certificates, a vulnerable system is still bad news.

Complicating the SSL situation is the issue of which source of SSL libraries an application uses. Some number of Debian systems have both OpenSSL and GNUTLS installed, and GNUTLS is not vulnerable. So an application using GNUTLS does not lose any perfect forward secrecy it had, while if it did not have PFS, its sessions are still vulnerable if it was using a compromised certificate generated by OpenSSL. (The converse is true; a certificate generated by GNUTLS on a vulnerable system is not vulnerable.)

(OpenSSH always uses OpenSSL and people usually generate certificates with OpenSSL, although not always. Web servers, IMAP servers, and so on can vary widely, although in practice most use OpenSSL.)

Note: 'Debian' here includes all Debian derived distributions, which includes at least Ubuntu (and its variants), Knoppix, and Xandros.

Written on 26 December 2008.
« My view of Sun and their history
Email marketing is pretty much spam »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Dec 26 02:19:12 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.