{"guid":"a308e387-da07-431e-b50a-04f06250d30e","title":"The Debian OpenSSL bug and other Public Private Keys","subtitle":null,"slug":"god2024-56276-the-debian-openssl-bug-and","link":"https://c3voc.de","description":"In early 2024, hundreds of DKIM setups still used cryptographic keys vulnerable to a bug from 2008 in Debian's OpenSSL package. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and Github.\n\nIn 2022, it was discovered that printers generated TLS keys that could be trivially broken with an over 300-year-old algorithm by Pierre de Fermat.\n\nVulnerabilities in public/private key generation are amongst the most severe ones in cryptographic software. The speaker has developed the open-source tool badkeys, a tool to check cryptographic keys for known vulnerabilities. The talk will cover some of the findings and plans for future improvements in badkeys.\n\nLicensed to the public under https://creativecommons.org/licenses/by-sa/4.0/","original_language":"eng","persons":["Hanno Böck"],"tags":["56276","god2024","god2024","OWASP","Saal 1","2024","Day 1"],"view_count":229,"promoted":false,"date":"2024-11-13T13:40:00.000+01:00","release_date":"2024-11-13T00:00:00.000+01:00","updated_at":"2026-03-18T11:45:08.319+01:00","length":1310,"duration":1310,"thumb_url":"https://static.media.ccc.de/media/events/god/2024/56276-a308e387-da07-431e-b50a-04f06250d30e.jpg","poster_url":"https://static.media.ccc.de/media/events/god/2024/56276-a308e387-da07-431e-b50a-04f06250d30e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/god/2024/56276-a308e387-da07-431e-b50a-04f06250d30e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/god/2024/56276-a308e387-da07-431e-b50a-04f06250d30e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/god2024-56276-the-debian-openssl-bug-and","url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_title":"German OWASP Day 2024","conference_url":"https://api.media.ccc.de/public/conferences/god2024","related":[],"recordings":[{"size":190,"length":1310,"mime_type":"video/webm","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-11-13T14:45:05.659+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/webm-hd/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/81475","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"},{"size":54,"length":1310,"mime_type":"video/webm","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-11-13T14:38:42.084+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/webm-sd/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/81474","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"},{"size":151,"length":1310,"mime_type":"video/mp4","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_fhd.mp4","state":"new","folder":"h264-fhd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-11-13T14:34:57.959+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/h264-fhd/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_fhd.mp4","url":"https://api.media.ccc.de/public/recordings/81473","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"},{"size":55,"length":1310,"mime_type":"video/mp4","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-11-13T14:32:25.648+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/h264-sd/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_sd.mp4","url":"https://api.media.ccc.de/public/recordings/81472","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"},{"size":19,"length":1310,"mime_type":"audio/mpeg","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2024-11-13T14:28:02.698+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/mp3/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/81471","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"},{"size":13,"length":1310,"mime_type":"audio/opus","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2024-11-13T14:27:42.226+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/opus/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_opus.opus","url":"https://api.media.ccc.de/public/recordings/81470","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"},{"size":255,"length":1310,"mime_type":"video/mp4","language":"eng","filename":"god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-11-13T14:27:39.438+01:00","recording_url":"https://cdn.media.ccc.de/events/god/2024/h264-hd/god2024-56276-eng-The_Debian_OpenSSL_bug_and_other_Public_Private_Keys_hd.mp4","url":"https://api.media.ccc.de/public/recordings/81469","event_url":"https://api.media.ccc.de/public/events/a308e387-da07-431e-b50a-04f06250d30e","conference_url":"https://api.media.ccc.de/public/conferences/god2024"}]}