Misplaced Parenthesis in Kernel Code Leads to Weak Keys in NetBSD 6.0

By Monday, March 25, 2013 0 No tags Permalink 0

The reason for this flaw in the code is allegedly misplaced parenthesis within the kernel source code. Because of the flaw the system could end up generating random number which wouldn’t be necessarily random. Risk is at its highest when system is booting as it has very little entropy at its disposal to generating random numbers.

32-bit systems are more vulnerable than their 64-bit counterparts as there would only be 4-billion possibilities for potential entropy, which is technically feasible to brute force considering the computing power available today.

The advisory notes that SSH keys are particularly in danger because these are generated during system boot and as the ECDSA algorithm was introduced in NetBSD with version 6 only systems where new keys were generated are particularly weak.

NetBSD developers have already released a kernel patch to fix the issue. Users are recommended that they replace the previously generated keys on their NetBSD 6.0 systems. According to the developers, error will be permanently fixed in NetBSD 6.1.