The Debian OpenSSL bug and other Public Private Keys (god2024)
Update: 2024-11-13
Description
In early 2024, hundreds of DKIM setups still used cryptographic keys vulnerable to a bug from 2008 in Debian's OpenSSL package. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and Github.
In 2022, it was discovered that printers generated TLS keys that could be trivially broken with an over 300-year-old algorithm by Pierre de Fermat.
Vulnerabilities in public/private key generation are amongst the most severe ones in cryptographic software. The speaker has developed the open-source tool badkeys, a tool to check cryptographic keys for known vulnerabilities. The talk will cover some of the findings and plans for future improvements in badkeys.
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/
about this event: https://c3voc.de
In 2022, it was discovered that printers generated TLS keys that could be trivially broken with an over 300-year-old algorithm by Pierre de Fermat.
Vulnerabilities in public/private key generation are amongst the most severe ones in cryptographic software. The speaker has developed the open-source tool badkeys, a tool to check cryptographic keys for known vulnerabilities. The talk will cover some of the findings and plans for future improvements in badkeys.
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/
about this event: https://c3voc.de
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
