{"guid":"import-38f4c114ce8c0462f5","title":"Predictable RNG in the vulnerable Debian OpenSSL package","subtitle":"the What and the How","slug":"25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package","link":"http://events.ccc.de/congress/2008/Fahrplan/events/2995.en.html","description":"Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn).\n","original_language":"eng","persons":["Luciano Bello","Maximiliano Bertacchini"],"tags":["25c3"," Hacking"],"view_count":67,"promoted":false,"date":"2008-12-30T01:00:00.000+01:00","release_date":"2009-01-18T01:00:00.000+01:00","updated_at":"2026-01-05T16:00:25.560+01:00","length":3042,"duration":3042,"thumb_url":"https://static.media.ccc.de/media/congress/2008/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.jpg","poster_url":"https://static.media.ccc.de/media/congress/2008/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2008/import-38f4c114ce8c0462f5-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2008/import-38f4c114ce8c0462f5-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package","url":"https://api.media.ccc.de/public/events/import-38f4c114ce8c0462f5","conference_title":"25C3: nothing to hide","conference_url":"https://api.media.ccc.de/public/conferences/25c3","related":[{"event_id":1294,"event_guid":"import-e1bb0bdd72e1b3b9c2","weight":1},{"event_id":1418,"event_guid":"import-74d1d018eb33d0d9ba","weight":1},{"event_id":1543,"event_guid":"import-a17dc159cb6895d8cd","weight":1},{"event_id":2827,"event_guid":"f79c744f-30d1-4175-a173-2e760049337d","weight":1}],"recordings":[{"size":388,"length":3042,"mime_type":"video/webm","language":"eng","filename":"25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:33.560+01:00","recording_url":"https://cdn.media.ccc.de/congress/2008/webm/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.webm","url":"https://api.media.ccc.de/public/recordings/2313","event_url":"https://api.media.ccc.de/public/events/import-38f4c114ce8c0462f5","conference_url":"https://api.media.ccc.de/public/conferences/25c3"},{"size":388,"length":3042,"mime_type":"audio/ogg","language":"eng","filename":"25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.ogg","state":"downloaded","folder":"audio_only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-10T15:26:46.669+02:00","recording_url":"https://cdn.media.ccc.de/congress/2008/audio_only/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.ogg","url":"https://api.media.ccc.de/public/recordings/2315","event_url":"https://api.media.ccc.de/public/events/import-38f4c114ce8c0462f5","conference_url":"https://api.media.ccc.de/public/conferences/25c3"},{"size":388,"length":3042,"mime_type":"video/mp4","language":"eng","filename":"25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.mp4","state":"downloaded","folder":"video_h264_720x576","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:33.529+01:00","recording_url":"https://cdn.media.ccc.de/congress/2008/video_h264_720x576/25c3-2995-en-predictable_rng_in_the_vulnerable_debian_openssl_package.mp4","url":"https://api.media.ccc.de/public/recordings/2314","event_url":"https://api.media.ccc.de/public/events/import-38f4c114ce8c0462f5","conference_url":"https://api.media.ccc.de/public/conferences/25c3"}]}