Unbelievable Debian Security Issue
Two days ago, Debian developers announced that a huge security breach has been present in libssl since September 2006, introduced by a patch to the random number generator ([DSA 1571-1] New openssl packages fix predictable random number generator; Debian -- Security Information -- DSA-1571-1 openssl). Unfortunately, this unstable version of libssl has been the one used for a while in Debian-based distributions like Ubuntu, so all Debian, Ubuntu, Kubuntu, Xubuntu (...) users are required to upgrade their version of libssl and also check all key material generated since 2006. For Gentoo users, nothing has to be done; their unpatched openssl version is OK. Again, a new reason for not using any Debian-based distribution... Gentoo rocks.
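One way to carry out the "check all key material" step for SSH public keys, as an added example that is not part of the original post or of any Debian tool: it computes the MD5 fingerprint of each key in an `authorized_keys` file and flags those found in a list of known-weak fingerprints. The function names are hypothetical, the sample file and key blobs are constructed placeholders, and the weak-fingerprint set is assumed to come from a real list that you supply; other key material (certificates, VPN keys) needs its own check.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # SSH key types in use in 2006-2008


def md5_fingerprint(blob_b64):
    """Return the hex MD5 fingerprint of a base64 public-key blob, or None."""
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed entry: not a usable key
    return hashlib.md5(blob).hexdigest()


def audit_authorized_keys(text, weak_fingerprints):
    """Return [(line_no, fingerprint, comment)] for keys in the weak set."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options may precede the key type, so locate the type token first.
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue
        fp = md5_fingerprint(tokens[idx + 1])
        if fp is not None and fp in weak_fingerprints:
            hits.append((line_no, fp, " ".join(tokens[idx + 2:])))
    return hits


# Constructed sample data: these blobs are placeholders, not real keys.
WEAK_BLOB = base64.b64encode(b"constructed-weak-key-blob").decode()
GOOD_BLOB = base64.b64encode(b"constructed-good-key-blob").decode()
SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    f"ssh-rsa {GOOD_BLOB} alice@laptop",
    f'from="10.0.0.1",no-pty ssh-rsa {WEAK_BLOB} backup@debian-etch',
    "ssh-dss not*base64 broken@entry",
])
# Stand-in (assumption) for a real list of fingerprints of affected keys.
WEAK_SET = {md5_fingerprint(WEAK_BLOB)}

if __name__ == "__main__":
    for line_no, fp, comment in audit_authorized_keys(SAMPLE, WEAK_SET):
        print(f"line {line_no}: {fp} ({comment}) must be replaced")
```

Any key the audit flags has to be regenerated on an upgraded system and removed from every `authorized_keys` file that trusts it.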
Comments
Just for the troll (and since anyway the entire web is filled with people giving their opinion about the topic), I get shivers when thinking of people using proprietary implementations of such things as the random gen and/or security protocol.
Is MS Windows using openssl? If so, is it using their own version? How vulnerable is it? Can you ensure that a key pair generated on Windows is unique? Anyway, I was lucky enough that none of the key pairs I generated were compromised (although I've been using Ubuntu for a while). I suppose I'll have to give Gentoo a try.
MS Windows is not using openssl. You cannot generate a key pair in Windows. So no problem.
Gentoo has the same hardware handling as Ubuntu; you just have to configure things a little bit more. Gentoo does not really use a packaging system. You do not really install packages on a Gentoo, you build software using the Gentoo Portage.
As always, let us give the last word to Randall:
http://xkcd.com/424/
