TurnKey Linux

cryptographic keys should be regenerated during installation

Reported by Alon Swartz on 2009-03-04
2
Affects Status Importance Assigned to Milestone
TurnKey Linux
Fix Released
High
Alon Swartz
2009.02-hardy-x86
New
Undecided
Unassigned

Bug Description

TurnKey appliances are vulnerable to a cryptographic weakness due to the usage of non-secret private keys.

This allows an attacker to effectively subvert encryption: decrypt traffic, perform man in the middle attacks, etc. Very bad news for a
system that relies on that encryption to survive in a hostile public network.

Alon Swartz (alonswartz) wrote :

Fix included in all appliances of the 2009.02 release.

Those using older versions are encouraged to manually regenerate their cryptographic keys
http://www.turnkeylinux.org/content/manually-regenerating-cryptographic-keys

Changed in turnkeylinux:
assignee: nobody → alonswartz
importance: Undecided → High
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers