Cryptosmith

In honor of the electoral season, I’m sharing an old photograph. The occasion was a visit by Senator John McCain (R-AZ) to Secure Computing in June, 1999. We discussed possible revisions to cryptographic export controls, and he posed for photos, holding a copy of Internet Cryptography, which was ‘recently published’ back then.

I don’t want to turn this into a political blog - this posting simply reports on the visit. Continue Reading »

Posted under Information Security | No Comments »

This is one for the books. Several OpenSSL implementations, including Denbian and its children, including Ubuntu, have been crippled since September 2006. It’s described on the metasploit web site.

The pseudo-random number generator (PRNG) was broken such that it only used the Unix process ID as the unchanging random input to the generator process. In other words, these security packages could not generate more than 32,768 different keys (since there were only 32,768 different process IDs on Unix). Continue Reading »

Posted under Information Security | No Comments »