[ILUG] serious Debian/Ubuntu security hole found

[Justin Mason]

Michael Watterson writes:
> paul at clubi.ie wrote:
> > Not to be cranky, but the subject line was slightly deceptive - fixed. ;)
> >
> > Amazing tale though. There's just so much to marvel at here.. E.g. is 
> > anyone else bothered by the apparent strong dependence of the OpenSSL 
> > PRNG on uninitialised memory for entropy (since when does 
> > "uninitialised" == "random")?
> >
> > The blame game at:
> >
> >     http://www.links.org/?p=327
> >
> > is fascinating.
> >
> > regards,
> If you reboot without power off the memory may have original contents
> If  POST does some kind of memory test the memory may not be random
> Depending on design of memory, the initial state after power on may not 
> be random. Actually it may never be random if enough is known of HW design.
> 
> If it is cold and power is only off a short while, the memory is 
> preserved. This has been used to demonstrate reboot from USB stick and 
> finding passwords etc still in memory from last session.
> (all bets on security are always off if you have physical local access).
> 
> It does seem indeed that two mistakes where made.
> 1) A stupid design by OpenSSL
> 2) A inept bug fix by Debian.
> 
> The only 100% way I know to get a really random number  in a PC is a 
> 3.3V zener diode (white noise generator)  read by a 50 cent PIC A/D 
> converter then read via USB or I2C by the OS, or whatever other A/D 
> converter may be available. I use a zener for filter and frequency 
> response testing from 10Hz to 2GHz. A zener feeding a wideband amplifier 
> with a BNC socket. .

guys, it's not about the uninitialized memory really, you're missing the
point.  it's about the _other_ line of code the Debian guys commented --
where good sources of external entropy are added to the pRNG.   see
http://reddit.com/info/6j7a9/comments/c03zxko

--j.