bitbashing

Wed, 21 Jan 2009

CVE Id Assigned for GNU Classpath Vulnerability

The error in the GNU Classpath PRNG that I described last month has been assigned an identifier in the Common Vulnerabilities and Exposures list: CVE-2008-5659.

Unfortunately a new version of Classpath with a fixed PRNG still remains to be released, so it seems I'm going to have to sit on the demonstration code showing how to derive DSA private keys for a while longer. At some point it would be nice to verify that RSA and DH keys can also be compromised, perhaps with a sexy little app that compromises SSL/TLS sessions or something along those lines, but I am currently suffering a shortage of round tuits.

Posted in security at 2009/01/21 12:18; 0 comments
