The first release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a "catastrophic failure" in the version for Linux.
The problem resides in the pseudo random number generator (PRNG) that LibreSSL relies on to create keys that can't be guessed even when an attacker uses extremely fast computers. When done correctly, the pool of numbers supplied is so vast that the numbers will almost never be repeated in subsequent requests, and there should be no way for adversaries to accurately predict which numbers are more likely than others to be chosen. Generators that don't produce an extremely large pool of truly random numbers can undermine an otherwise robust encryption scheme. The Dual EC_DRBG influenced by the National Security Agency and used by default in RSA's BSAFE toolkit, for instance, is reportedly so predictable that it can undermine the security of applications that rely on it.
Edge cases
A security researcher has warned that there are cases where the LibreSSL PRNG will produce identical output two or more times when running on Linux systems, something he called a "catastrophic failure." The same data can be returned when an application process is cloned—or "forked," in computing parlance—something that can happen when an operating system repeats a similar task over and over, like each time a Web server opens a new connection, for example. In most cases, LibreSSL will detect that a process has been forked because its identifier, known as a PID, will differ. In those cases, LibreSSL will automatically reseed the random numbers to ensure they're unique to the new process.
Read 7 remaining paragraphs | Comments
