Monthly Archives: May 2008

CAcert/GnuPG/Thawte Certification & Keysigning in Budapest – Hungary on 27th of June

Leave a reply

Certification & Keysigning will be held on 27th of June (Friday evening at 18h local time) in SUN Microsystem’s office at Kapas utca 11-15, Moszkva Tér, 1027 Budapest – Hungary. You can submit your attendance and your keys latest by 15th of June (Sunday), the listing will be made on Monday. The official site about the meeting is held on CAcert wiki. The official IRC channel for this meeting is on irc.freenode.net #cacert.hu

Recent Debian private key generation vulnerability

Leave a reply

Recently discovered predictable RSA and DSA key generation vulnerabilities occurring in Debian OpenSSL packages[1][2]. As many Linux distributions are based of Debian derived distributions like the popular Ubuntu, Knoppix, Kubuntu distributions, there are a significant number of vulnerable RSA and DSA private keys around now.

SSH keys generated on Debian distros have these vulnerabilities too. This will affect SSH system administrators and users. These users should refer to available advice[3]. The rest of this advisory will focus on key and X509 certificate implications.

Description:

Users and system administrators generate RSA and DSA keys for a large number of applications[4]. Those who have OpenSSL, or any of the many applications that use OpenSSL libraries, on vulnerable platforms are affected. Those systems that allow remote access as a result of a user provided vulnerable public key may also be at risk of unauthorized access.

How is CAcert affected?

Luckly, the CAcert Root Class 1 and 3 keys are not affected as these were generated before the vulnerability was introduced into Debian[3] in September 2006. The process that signs CSR (certificate signing requests) and therefore all signed public keys does not use any key generation, so they are not affected by CAcert. Conclusion: CAcert does NOT have to reissue every signed certificate.

But if you have generated a new certificate later as August 2006 and used OpenSSL on a Debian system please read on. First is explained what actions have been undertaken by CAcert in order to recover from this vulnerability event. If you used Debian this may help you as well.

CAcert is using Debian OS and so CAcert’s internal systems were affected, as they generated predictable RSA and DSA keys for internal use, eg ssh authorized_keys for remote system administration. As SSH access is restricted to only to a few static configered IP addresses this posed only a very low risk.

The server certificates of servers like https://www.cacert.org and https://secure.cacert.org were affected by a poor key. CAcert has replaced those keys.

How can servers and clients be affected and what should you do now?

Please refer to our Debian Vulnerability Handling wiki page.

Daniel Black, system administrator for CAcert

[1] http://www.debian.org/security/2008/dsa-1571 Debian Security Advisory
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166
[3] http://www.debian.org/security/key-rollover/
[4] http://wiki.cacert.org/wiki/DebianVulnerabilityHandling

Date of Birth information handling by CAcert

Leave a reply

Date of Birth information is needed for operational purposes and could not be dropped.

CAcert takes strong measures to maintain and guard your private information. Currently CAcert uses for individuals the full formal name, date of birth (DoB) and email/domain address(es). The DoB is used for discrimination of similar names of individuals.

A long debate on the CAcert policy email list (email:cacert-policy@cacert.org) discussed the issue if date of birth could be dropped from the archive. Alternatives for purpose of name discrimination were explored and debated upon. But it did not result in an accepted and efficient alternative.

CAcert made the decision to comply fully with the European privacy directive (EU DPA). The DoB information is however felt to be archived and needed for operational measurements at Assurance time (Web-of-Trust) and later. Alternatives, which are hopefully better in the name resolution, will continue to be investigated and solutions are challenged for.

It is noticed that the date of birth information is commonly used in the internet environment (and even more private information is made available) and that this data is poorly managed. Even some (European) governments are providing this information openly in some instances. The data of birth (and even email addresses) are only available to CAcert Assurers and only in times of assurance requests and arbitration cases if needed so. There are binding policies for the Assurers for doing so, subjected to arbitration.

Archived copies of Identity Documents should be destroyed within CAcert.

Leave a reply

CAcert will destroy archived copies of ID’s and asks their Assurers to do so as well.

When CAcert started in 2002 it was required that copies of ID’s were archived for 7-10 years in the archives of CAcert or archives of CAcert Assurers. In a later instance CAcert required to take note of ID numbers and/or social security numbers of the individual instead of the copy of the ID.  In 2006 for privacy reasons this data (copy of ID, personal numbers) was dropped. The CAcert Assurance Programme (CAP) form states however that the information should be kept 7-10 years.

As CAcert Inc. dropped the requirements for copies of ID and personal numbers the CAcert Inc. association by order of the Committee (Board) decided to remove this information from the CAcert archives and require that the CAcert Assurers who are in possession of that information to do the same: destroy archived copies of ID’s and delete social security numbers from the CAP forms. The information should be deleted with care as stated in the CAP agreement.

Warning on weak keys and random numbers

Leave a reply

Regarding the recently discovered random number vulnerability:

CAcert’s root keys are not affected, since they were created before the bug existed.
CAcert’s internal systems were affected, and are currently being cleaned up.
A lot of our users are affected.
We are currently working on improved methods to detect the vulnerabilities and inform the affected users about them.
In general, digital signatures and certificates are only affected in the case the any of the underlying keys are compromised. Signatures and certificates do not contain any additional random numbers, so they can’t be affected on their own, if the keys are not compromised.

We currently think that the articles in the media hasn’t informed everyone about the whole impact of the problem yet.

The affected distributions contain Debian, Ubuntu, Kubuntu, Knoppix, Grml, and various other Debian based distributions.
Also various embedded systems that are based on Debian are likely affected.

Regarding the applications, OpenSSL, OpenVPN, OpenXPKI, OpenCA, OpenSSH (especially client authorisation keys!), boxbackup and various other software packages are affected.

All systems that are relying on keys that were generated on affected systems are affected.
This means that you should scan all your SuSE, Fedora, Redhat, BSD, … SSH-servers for compromised keys in the authorized keys files of all users, and blacklist the compromised keys accordingly. (And the same for any other services that might rely on the compromised keys.)

If you want to assess the quality of your own random number generator, you can use our free service here:
http://www.cacert.at/random/

We are currently developing a X.509 vulnerability detection system, which will be available for all CA’s, to discover similarly compromised keys as early as possible. If you want to participate and help there, please contact us.
http://wiki.cacert.org/wiki/HashServer

Message to all non-Debian-derived vendors: Please ship blacklists and blacklist-detection software in your security updates. (Port ssh-vuln to your distribution, …) And warn your users too, not to rely on compromised keys anymore.

General information about the vulnerability:

http://wiki.debian.org/SSLkeys
http://www.debian.org/security/key-rollover/
http://www.debian.org/security/2008/dsa-1571

CAcert wieder auf dem Linuxtag 2008 in Berlin

Leave a reply
der Linuxtag 2008 vom 28.Mai bis 31.Mai in Berlin steht vor der Tür.
CAcert wird hier auch wieder mit einem Stand vertreten sein an dem sich Interressierte Besucher informieren und assuren lassen können.

Assurer und Interressierte, die gerne helfen wollen sollten sich bitte schnellstmöglich unter http://wiki.cacert.org/wiki/LinuxTag2008 erintragen, damit der Stand und ggf. Eintrittskarten geplant werden kann.