When private keys are public: results from the 2008 Debian OpenSSL vulnerability

@inproceedings{Yilek2009WhenPK,
  title={When private keys are public: results from the 2008 Debian OpenSSL vulnerability},
  author={Scott Yilek and Eric Rescorla and Hovav Shacham and Brandon Enright and Stefan Savage},
  booktitle={Internet Measurement Conference},
  year={2009}
}
We report on the aftermath of the discovery of a severe vulnerability in the Debian Linux version of OpenSSL. Systems affected by the bug generated predictable random numbers, most importantly public/private keypairs. To study user response to this vulnerability, we collected a novel dataset of daily remote scans of over 50,000 SSL/TLS-enabled Web servers, of which 751 displayed vulnerable certificates. We report three primary results. First, as expected from previous work, we find an extremely…

Citations

Publications citing this paper.

Weak Keys Remain Widespread in Network Devices

  • Internet Measurement Conference
  • 2016
CITES METHODS & BACKGROUND
HIGHLY INFLUENCED

The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching

  • 2015 IEEE Symposium on Security and Privacy
  • 2015
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Empirical analysis of Public Key Infrastructures and Investigation of Improvements

CITES BACKGROUND & RESULTS
HIGHLY INFLUENCED

Instantiability of RSA-OAEP Under Chosen-Plaintext Attack

  • Journal of Cryptology
  • 2011
CITES BACKGROUND
HIGHLY INFLUENCED

Reconstructing RSA Private Keys from Random Key Bits

  • IACR Cryptology ePrint Archive
  • 2008
CITES METHODS
HIGHLY INFLUENCED

CITATION STATISTICS

  • 7 Highly Influenced Citations

  • Averaged 12 Citations per year over the last 3 years

References

Publications referenced by this paper.

Security Holes . . . Who Cares?

  • USENIX Security Symposium
  • 2003
HIGHLY INFLUENTIAL

SSL server security survey

E. Murray
  • 2000
HIGHLY INFLUENTIAL
