Well, you can usually rely on Debian to be secure and stable. It still is. But a story has been published recently stating basically the Debian edited version of OpenSSL doesn't create very random keys. Looking at the source code, it appears that they commented out a line of code that obtained a block of memory (but doesn't write to it) then reads it. This is a bug in most programs as you don't know what's there but works reasonably well as a random seed.
As we no longer have such a random seed, the keys become predicable. Just like old computer games. The reason: random number generators are not actually random. I was taught at school that they follow a list of random values that is pre-set. So the same seed will produce the same numbers. Which actually proves useful for testing. Not so much for keeping things secure.
Kieran has informed me the servers have been updated (bar starfm as it takes out the playout system when we do it).
No comments:
Post a Comment