Chaos Computer Club - recent audio-only feed   /     The Debian OpenSSL bug and other Public Private Keys (god2024)

Description

In early 2024, hundreds of DKIM setups still used cryptographic keys vulnerable to a bug from 2008 in Debian's OpenSSL package. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and Github. In 2022, it was discovered that printers generated TLS keys that could be trivially broken with an over 300-year-old algorithm by Pierre de Fermat. Vulnerabilities in public/private key generation are amongst the most severe ones in cryptographic software. The speaker has developed the open-source tool badkeys, a tool to check cryptographic keys for known vulnerabilities. The talk will cover some of the findings and plans for future improvements in badkeys. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

Subtitle
Duration
00:21:50
Publishing date
2024-11-13 13:40
Link
https://media.ccc.de/v/god2024-56276-the-debian-openssl-bug-and
Contributors
  Hanno Böck
author  
Enclosures
https://cdn.media.ccc.de/events/god/2024/mp3/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_mp3.mp3
audio/mpeg