Abstract :
A patch to the OpenSSL package maintained by Debian GNU/Linux (an operating system composed of free and open source software that can be used as a desktop or server OS) submitted in 2006 weakened its pseudo-random number generator (PRNG), a critical component for secure key generation. Putting both servers and users at risk, this vulnerability affected OpenSSH, Apache (mod_ssl), the onion router (TOR), OpenVPN, and other applications. In this article, the author examines these issue and its consequences. OpenSSL is an open source library implementing the SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols. Several widely deployed applications on many OSs rely on it for secure communications, particularly Linux and BSD-based systems. Where in use, it´s a critical part of the OS´s security subsystem.
Keywords :
Linux; public domain software; public key cryptography; random number generation; software packages; Debian GNU/Linux; OpenSSL package; desktop OS; global PKI compromise; open source software; operating system; pseudo random number generator; public key cryptography; secure key generation; server OS; Application software; Communication system security; Cryptography; Libraries; Linux; Open source software; Operating systems; Packaging; Sockets; Software packages; Debian; GNU/Linux; cryptography; pki; ssh; ssl; vulnerability;
