Description: Predictable RNG in the vulnerable Debian OpenSSL package
the What and the How
Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn).
We will talk about this bug (the speaker was the discoverer of this bug), its discovery and publication, its consequences, and exploitation. As well, we will demonstrate some exploitation tools.
For More Information please visit : - http://events.ccc.de/congress/2008/Fahrplan/speakers.en.html
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.