Debian developer vào 05/2006 đã chỉnh sửa lại code của OpenSSL sau khi sửa lỗi "uninitialized variable" do valgrind cảnh báo. Tuy nhiên do không hiểu đây là sự cố tình sử dụng biến không được khởi tạo như một yếu tố "ngẫu nhiễn" của OpenSSL developer, Debian developer đã loại bỏ một số đoạn mã trong hàm PRNG khiến cho cho bộ sinh số ngẫu nhiên này chỉ được "seed" bởi process pid từ hệ thống. Điều này dẫn đến thư viện OpenSSL do Debian cung cấp này chỉ sinh ra 32,768 cặp khóa duy nhất từ PRNG, đồng nghĩa với việc độ an toàn của các khóa RSA, DSA, ... chỉ còn là 15 bits.

Các mã khóa được sinh ra từ các gói có sử dụng thư viện OpenSSL bị lỗi này như SSH, OpenVPN, DNSSEC, X.509 certificates đều cần phải được sinh (generate) lại khóa từ đầu.

Đây là một ví dụ điển hình cho việc vì sao các nhà đóng gói phần mềm không nên tự ý chỉnh sửa code của các thư viện, phần mềm nếu không hiểu rõ về nó và nếu có chỉnh sửa thì nên gửi lại bản patch cho nhà phát triển của gói phần mềm đó để kiểm tra và cập nhật.

Links:

• [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
• Debian Bug report logs - #363516 - valgrind-clean the RNG
• Diff for /openssl/trunk/rand/md_rand.c between version 140 and 141

Contrary to conventional wisdom, "volatile" semiconductor memory does not entirely lose its contents when power is removed. Both static (SRAM) and dynamic (DRAM) memory retains some information on the data stored in it while power was still applied and they still hold values for a long intervals without power or refresh. This is a known [2] problem for a long long time. However, no one has ever tried (or published) any practical attack on this problem like what Princeton University researchers did.

This DRAM threat goes beyond disk encryption. Any kind of sensitive data such as password, encryption key, credit card information,... in you RAM could be stolen in just a few minutes. Due to the nature of this problem, it's hard for software based hard disk encryption solution to protect against this attack. Software based solution would be able to try to encrypt/clear the disk key whenever PC goes into inactive state (i.e screen saver, standby, hibernate) but it's not really practical and/or applicable in some cases. The white paper [1] also offers interesting algorithms & methods to find crypto keys in memory images.

If you're really care about your information, you should better to change your behavior to unmount encrypted disk and/or power-off your machine (for a while to give the memory enough time to decay) whenever you're away from your computer if you're using software based disk encryption and/or to use a hardware based disk encryption solution. It turns out that the hardware based disk encryption technology that I'm working on would be a perfect solution to help to protect against this kind of attack. For a full protection, our solution still need to fix a small problem when the computer goes into S3 (standby mode) but just a minor change. FYI, Seagate also has a hardware based hard disk encryption solution ready to use.

Links:

1. Lest We Remember: Cold Boot Attacks on Encryption Keys
   
2. Secure Deletion of Data from Magnetic and Solid-State Memory

Hulton & Steve have presented the new fast & cheap method of cracking A5/1 GSM encryption this week at BlackHat DC Security Conference 2008. This is the result of Cracking A5 and GSM scanner project which has been presented at VNSECON 07 by Steve last year.

FYI, GSM monitoring system has always been there for a long time. However, those devices are very expensive (few hundred thousands to millions USD depends on capabilities, number of channels, antenna,...) and only available to government agents.

Links:

• http://blog.washingtonpost.com/securityfix/2008/02/research_may_spell_end_of_mobi.html
• http://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html#Hulton
• http://wiki.thc.org/gsm
• http://wiki.thc.org/cracking_a5
  
• http://conf.vnsecurity.net/program