05-21-2008, 11:09 PM
XKCD offers advice in a comic strip.
![security_holes.png](http://imgs.xkcd.com/comics/security_holes.png)
From the forums of the same site.
http://forums.xkcd.com/viewtopic.php?f=7...36#p670397
<[anonymous]> Sgeo: put simply, there were two very similar lines of code
<[anonymous]> one made valgrind mad, and was more or less useless anyway
<[anonymous]> the other was absolutely vital
<[anonymous]> both were commented out at the same time \o/
<[anonymous]> and so the crypto keys were generated based solely on the PID
<[anonymous]> anyway here's what's affected:
<[anonymous]> Any DSA key (openssl, openvpn, ssh) used on a Debian or Ubuntu machine since September 2006
<[anonymous]> Any RSA key generated on the same
<[anonymous]> if you're paranoid, passwords sent on a connection where either machine was affected
<[anonymous]> All those keys/passwords should be regenerated/changed
...If you understood that, you're probably going to have to regenerate your keys.
Another (better) explanation: http://metasploit.com/users/hdm/tools/debian-openssl/
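As an added illustration (not from the xkcd thread, not OpenSSL code), here is a toy model of the failure mode the quote describes. The "keys" are SHA-256 digests standing in for real key material, the PID range is an assumption for the model, and the blocklist mirrors the detection approach the distributions shipped: precompute every key the PID-only generator can emit and flag any key found in that set.

```python
"""Toy model of a PRNG whose only seed material is the process ID.

Constructed example. Nothing here is OpenSSL code; digests stand in for
key material so the whole key space can be enumerated in a second.
"""
import hashlib
import os
from typing import Optional, Set

# Assumption for the model: default PID range on a 32-bit Linux box of the era.
PID_MAX = 32768


def seed_pool(pid: int, entropy: bytes) -> bytes:
    """Model of the PRNG seed pool. The PID is always stirred in; a correct
    build also stirs in real entropy. In the broken build the entropy-mixing
    call was commented out, so the pool ends up holding only the PID."""
    return pid.to_bytes(4, "little") + entropy


def derive_key(pid: int, entropy: bytes) -> bytes:
    """Stand-in for key generation: a digest of the seed pool."""
    return hashlib.sha256(seed_pool(pid, entropy)).digest()


def broken_key(pid: int) -> bytes:
    """Broken build: no entropy reaches the pool, so the key is a pure
    function of the PID and comes out identical on every affected machine."""
    return derive_key(pid, b"")


def fixed_key(pid: int, entropy: Optional[bytes] = None) -> bytes:
    """Fixed build: 32 bytes of OS entropy are mixed into the pool."""
    return derive_key(pid, os.urandom(32) if entropy is None else entropy)


def fingerprint(key: bytes) -> str:
    """Identifier for a key, the way a key blocklist would store it."""
    return hashlib.sha1(key).hexdigest()


def build_weak_blocklist() -> Set[str]:
    """Every key the broken generator can ever emit, one per PID. The set is
    tiny, which is why shipping a blocklist and checking installed keys
    against it was a workable host-side detection."""
    return {fingerprint(broken_key(pid)) for pid in range(1, PID_MAX)}


WEAK_BLOCKLIST = build_weak_blocklist()


def is_weak(key: bytes) -> bool:
    """Host-side check: is this key one of the predictable ones?"""
    return fingerprint(key) in WEAK_BLOCKLIST


if __name__ == "__main__":
    print("distinct keys the broken build can produce:", len(WEAK_BLOCKLIST))
    print("same PID on two machines gives the same key:",
          broken_key(4242) == broken_key(4242))
    print("weak key flagged:", is_weak(broken_key(4242)))
    print("properly seeded key flagged:", is_weak(fixed_key(4242)))
```

The point the numbers make: a generator that depends only on the PID has at most PID_MAX - 1 outputs, so the complete set of "random" keys fits in a small package, and checking a deployed key for weakness is a set lookup. Once entropy is mixed in, no such table can exist.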