This last week (the 13th of May 2008) they announced a jaw-dropping security hole in the Debian OpenSSL package. This Bug was introduced on May 2nd 2006 (relased in September?) and fixed on May 13th 2008.
What was the Bug? Basically the randomness of the key generation processes was severly inhibited, thus making it feasible to guess (by brute force) the private keys. Someone commented out a block of code that was nessesary to guarentee the randomness of the key that was to be generated.
* Don't add uninitialised data.
MD_Update(&m,buf,j); /* purify complains */
Ok what does that mean? It means that someone could listen in on your communications that you thought were secure. Sniff passwords, ssh into machines you don’t own, etc.
I was happy to get an urgent update from the Ubuntu update manager in such a short amount of time. I like that I was able to patch my systems so quickly. I am floored that this bug was allowed to happen for the last 2 years
Many people have explained the fiasco/bug in more depth; here are some of my favorites
- Good Technical explaination — http://metasploit.com/users/hdm/tools/debian-openssl/
- Thread explaining the Comic — http://forums.xkcd.com/viewtopic.php?f=7&p=670397
- The actual annoucement — http://www.debian.org/security/2008/dsa-1571
I explained in a previous post on distributed computing, that one of my parallel programming courses in college required us to find the seed and depth of a sequence of random numbers (very similar to the generation of rainbow tables or brute force password/key checking). I’m sure that a few slight modifications to that code and I would have a workable, scalable and efficient brute force attack. Am I going to do this? no. Can you have the code? Yes…and by yes I mean no. Realistically anyone skillful enough to capture and stage an attack would have the skills to formulate this on their own.
H D Moore over at metasploit – calculated that it would take his 31 Xeon cores approximately 2 hours to brute force 2048bit RSA Keys, and ~ 100 hours (3100 CPU hours) to brute force a 8192 bit RSA key path, and 100,000 hours (3,100,000 CPU Hours) to brute force a 16384 RSA Key assuming the max-breadth to find the pair.
With a tool like Amazon’s Ec2, this would allow you to scale this application as far as your pocket book would allow Well there is an actual limits, but it could be expanded by Amazon to handle your requests.
I’m thinking something along the lines of 10,000 Extra large instances. So that would be 80,000 cores, which would handle the 3,100,000 CPU hours in just 38.75 hours (yea, I know Ec2 core != Xeon … its just for illustration). 3,100,000 hours of computing could be completed in just over 3 days!!!! with Amazon’s current pricing model, it would end up costing you $8000 per hour to run those 10,000 Large instances. So the total bill (not including storage or testing time) would be around $310,000 to complete the processing. I guess I have better things to do with $310k. $310 is the most that you would pay, statistically you’d end up paying ~ $160k if you had to average it out. and that for 16384 bit RSA key pair. the most common would be 1024 or 2048 bit RSA keys.
For a large organization such as the government, this would be cake money. I’d be willing to bet that they already have much more computing horsepower than Amazon has at the disposal of EC2. I love open source projects, but with so much going on at many levels, open projects can leave themselves open to bugs like this. I guess thats why many projects go for the benevolent dictator approach. Someone has to understand, and coordinate the project as a whole. It will be interesting to see the fallout of this issue.
This definitely got me to further my thoughts on Open Source Software.
What do you think?