Same password for leaked private key - Openssl



Thread: Same password for leaked private key

  1. Same password for leaked private key

    Hello,

    due to the recent vulnerability in Debian related to SSL I am
    regenerating some SSL certificates used in my organization. My
    certificates are issued with the following command, which prompts for a
    password:

    openssl req -new -x509 -keyout ca_key.pem -out ca_cert.pem -days 3650

    I am wondering if it is safe to reuse the same password to protect the
    private keys associated to the certificates generated. My understanding
    is that there should be no problem since a different salt is used every
    time in private key PEM files and the hash/encryption algorithm used is
    not vulnerable to known-plaintext attacks. Is my assessment of the
    situation correct?

    Thanks a lot,
    Laurent Birtz
    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org
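
The per-file salt mentioned in the question, as an added example that is not part of the original thread. It assumes the traditional encrypted PEM format (a `DEK-Info` header, with the key derived by one MD5-based `EVP_BytesToKey` round salted with the first 8 IV bytes); the two headers and the passphrase are constructed sample values.

```python
import hashlib
import re
from collections import Counter

# Constructed headers (no real key material): the start of two legacy
# encrypted PEM files written with the same passphrase on separate runs.
PEM_A = ("-----BEGIN RSA PRIVATE KEY-----\n"
         "Proc-Type: 4,ENCRYPTED\n"
         "DEK-Info: DES-EDE3-CBC,3F1A9C0D5E7B2A46\n")
PEM_B = ("-----BEGIN RSA PRIVATE KEY-----\n"
         "Proc-Type: 4,ENCRYPTED\n"
         "DEK-Info: DES-EDE3-CBC,B80C4D17A2E95F63\n")

KEY_LEN = {"DES-EDE3-CBC": 24, "AES-128-CBC": 16, "AES-256-CBC": 32}

def dek_info(pem_text):
    """Return (cipher name, IV bytes) from the DEK-Info header."""
    m = re.search(r"^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\s*$",
                  pem_text, re.MULTILINE)
    if m is None:
        raise ValueError("no DEK-Info header (unencrypted or PKCS#8 key)")
    return m.group(1).upper(), bytes.fromhex(m.group(2))

def evp_bytes_to_key(passphrase, salt, key_len):
    """Legacy PEM key derivation: chained MD5 over passphrase+salt, one round."""
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        out += block
    return out[:key_len]

def file_key(pem_text, passphrase):
    """Derive the file encryption key; the salt is the first 8 IV bytes."""
    cipher, iv = dek_info(pem_text)
    return evp_bytes_to_key(passphrase, iv[:8], KEY_LEN[cipher])

def reused_salts(pem_texts):
    """Salts shared by more than one file; expected to be empty."""
    counts = Counter(dek_info(t)[1][:8] for t in pem_texts)
    return sorted(s for s, n in counts.items() if n > 1)

if __name__ == "__main__":
    pw = b"constructed passphrase"
    print(file_key(PEM_A, pw).hex())   # differs from the next line
    print(file_key(PEM_B, pw).hex())
    print("reused salts:", reused_salts([PEM_A, PEM_B]))
```

The same passphrase yields unrelated file keys because the salt differs, but the derivation is a single MD5 pass, so the passphrase itself still needs to be strong if an encrypted key file is ever exposed.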


  2. Re: Same password for leaked private key

    This is correct. There is also an additional mitigating factor: the
    private key files themselves (either in plaintext or ciphertext) are
    never seen by any attacker. The keys generated by the vulnerable
    versions of Debian are vulnerable simply because they have low
    entropy, and can thus be easily guessed.

    This means that neither your passphrase nor information related to the
    use of your passphrase should ever have been exposed by your
    Debian-based systems, regardless of whether your keys were generated
    by a vulnerable installation.

    (I suggest obtaining additional verification before relying on this
    assessment. I assume, though, that you're asking because it would be
    difficult to change all the places that your current passphrase is
    recorded; I might also suggest, as a matter of practical security,
    that it might be a good idea to identify all the places the passphrase
    is used and write them down in the event that some more pressing
    reason is found in the future to change it -- such as an employee with
    privileged access leaves your organization.)

    -Kyle H

    On Sat, May 24, 2008 at 5:27 PM, Laurent Birtz wrote:
    > Hello,
    >
    > due to the recent vulnerability in Debian related to SSL I am
    > regenerating some SSL certificates used in my organization. My
    > certificates are issued with the following command, which prompts for a
    > password:
    >
    > openssl req -new -x509 -keyout ca_key.pem -out ca_cert.pem -days 3650
    >
    > I am wondering if it is safe to reuse the same password to protect the
    > private keys associated to the certificates generated. My understanding
    > is that there should be no problem since a different salt is used every
    > time in private key PEM files and the hash/encryption algorithm used is
    > not vulnerable to known-plaintext attacks. Is my assessment of the
    > situation correct?
    >
    > Thanks a lot,
    > Laurent Birtz


  3. Re: Same password for leaked private key


    Kyle Hamilton wrote:
    > This is correct. There is also an additional mitigating factor: the
    > private key files themselves (either in plaintext or ciphertext) are
    > never seen by any attacker. The keys generated by the vulnerable
    > versions of Debian are vulnerable simply because they have low
    > entropy, and can thus be easily guessed.
    >
    > This means that neither your passphrase nor information related to the
    > use of your passphrase should ever have been exposed by your
    > Debian-based systems, regardless of whether your keys were generated
    > by a vulnerable installation.
    >
    > (I suggest obtaining additional verification before relying on this
    > assessment. I assume, though, that you're asking because it would be
    > difficult to change all the places that your current passphrase is
    > recorded; I might also suggest, as a matter of practical security,
    > that it might be a good idea to identify all the places the passphrase
    > is used and write them down in the event that some more pressing
    > reason is found in the future to change it -- such as an employee with
    > privileged access leaves your organization.)
    >

    Thanks for the information. Someone else suggested (off the list) that it
    would be best to assume that the passwords are compromised anyway.
    Hence I went ahead and replaced all the passphrases, which, as you
    suggest, has the added benefit of identifying who knows which passphrase.

    Thanks to all who replied!
    Laurent Birtz


