Evo kako izgleda definicija pervazivne sigurnosti na Linuxu:
The Debian Security Advisory posted up DSA-1571-1 openssl -- predictable random number generator issue today and strongly advised its users to take steps to avoid possible compromising of any systems running on Debian, such as Ubuntu.
The researcher Luciano Bello discovered a security flaw in Debian's random number generator that allows to predict a random generated number. This is caused by an incorrect Debian change to the openssl package. As a result, cryptographic key material may be guessable.
This problem not only affects Debian, but also all its derivatives, such as Ubuntu.
It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on affected systems is recreated from scratch. Furthermore, all DSA keys ever used on affected systems for signing or authentication purposes should be considered compromised.
:-) Izgleda je to neki novi GNU Random Number standard - gde random i nije tako random...
Implikacije na sigurnosne kljuceve - mozete sami i da zamislite, sada mora doci do potpune zamene kljuceva u ko zna koliko sistema jer su kompromitovani i potencijalno
neupotrebljivi (tj. upotrebljivi - kriminalcima) - svi kljucevi se mogu smatrati kompromitovanim, a prevedeno na srpski to znaci da mali milion sigurnosnih kljuceva koji se koriste svuda - od SSL HTTPS protokola pa sve do potpisivanja i enkripcije finansijskih informacija vise nisu potencijalno tajni...
Ja bih se ipak drzao Windows Servera 2008 - bar generise slucajne brojeve kako valja... hahahahhaha
A evo i koda koji je rezultat truda komune u razbijanju zlog M$ monopola, radi brze i stabilnije, i ne BSOD-uje:
/* OpenSSL, Debian Flavor - This software is licensed under GPL license */
int GenerateRandomNumber() {
return 4; // chosen by fair dice roll, guaranteed to be random
}
[Ovu poruku je menjao Ivan Dimkovic dana 16.05.2008. u 22:25 GMT+1]
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey