Cotton Rohrscheib

The Cotton Club Blog & Podcast

  • Home
  • Bio
    • Resume
  • Blog
    • Faith & Family
    • Marketing & Tech
    • Farm & Business
    • Entertainment
    • Health & Wellness
    • Urban Farming
    • Weekend Projects
  • Media
    • Newsletter
    • Photo Galleries
    • Instagram Feed
    • Video Archives
    • Podcasts
    • Music Playlists
  • Books
  • Connect
    • Rohrscheib Capital
    • Disclaimer
    • Privacy Policy
You are here: Home / Marketing & Tech / Crypto Bug Cripples Ubuntu Linux

Crypto Bug Cripples Ubuntu Linux

May 19, 2008 by Cotton Rohrscheib Leave a Comment

Fortunately we predominately run Centos Linux and aren’t affected by the Major Crypto Bug that was announced this week.  Apparently it only affects systems with the Ubuntu flavor of Linux running.  Here’s a snippet I found in PC Magazine outlining the bug exploit.

A major problem has been revealed in Debian Linux and derivative packages, such as Ubuntu . Debian revealed the other day that a fix they made back in September 2006 had the unintended consequence of crippling the strength of their OpenSSL distribution.

OpenSSL is used, of course, for Secure Sockets Layer which provides authentication and encryption for web traffic, but it’s also used for other cryptography functions. OpenSSL is a very important package that brought public key cryptography to the masses; prior to OpenSSL, https web sites were expensive and complicated to build.

The strength of public key encryption relies, in large part, on the large number of potential keys that could be used to encrypt data. Keys are often 1024 or 2048 or 4096 bits long; these store very large numbers so a brute force attack, trying all of the possibilities, could take a prohibitive amount of time.

But the bug introduced by Debian effectively reduces the strength of the key to 32768 permutations, which is 16 bits. Famed security researcher HD Moore has actually already pre-calculated all of the potential keys for the most common cases. It took mere hours. So now you can be hacked even without someone brute-forcing your encryption.

Because of it’s centrality, Linux sites are often deeply-reliant on certificates generated by OpenSSL to encrypt network traffic. Fixing the problem is not just a matter of updating the software; you also have to go back and generate new certificates and have them signed. This is complicated stuff, not for the novice Linux user. Expect tools to come along soon to help.

Originally published on Security Watch, the PC Magazine security blog.
Source:
Major Crypto Bug Cripples Ubuntu Linux Security – News and Analysis by PC Magazine

Share this post on:

  • Click to share on Facebook (Opens in new window) Facebook
  • Click to share on X (Opens in new window) X
  • Click to share on LinkedIn (Opens in new window) LinkedIn
  • Click to share on Pinterest (Opens in new window) Pinterest

Related

About Cotton Rohrscheib

The Cotton Club is a monthly podcast hosted by me, Cotton Rohrscheib. I'm a 52 year old entrepreneur w/ ADHD, OCD (and now AARP) that refuses to grow up as I grow old. I have collaborated and invested in hundreds of projects throughout my career in multiple industries such as; technology, healthcare, and agriculture. I also have 25 years experience in the marketing industry as a co-founder of an award-winning advertising agency. I will undoubtedly cover a wide variety of topics on my podcast while sharing some really crazy stories and situations that I've been fortunate to witness firsthand. I also have a book coming out in 2025 titled, "Mistakes were Made"

Please Drop Your Questions or CommentsCancel reply

Let’s Connect

  • Email
  • Facebook
  • Instagram
  • LinkedIn
  • Twitter

Recent Updates

  • Ep033: Cotton Rohrscheib & Will Scott
  • Check Your Cucumber Plants for Anthracnose
  • EP:032 – Cotton Rohrscheib & Diana DeHart
  • Challenges & Opportunities Going into 2025
  • Find us at the 2025 Arkansas Women in Agriculture Conference in Hot Springs, Arkansas

Blog Categories

  • Blog (419)
  • Entertainment (376)
  • Faith & Family (147)
  • Farm & Business (288)
  • Health & Wellness (33)
  • Marketing & Tech (584)
  • Podcasts (32)
  • Urban Farming (21)
  • Weekend Projects (1)

Listen & Subscribe

Blog Archives

Join the Cotton Club!

 

Content Copyright: 2001-2025
Cotton Rohrscheib | Rohrscheib Capital