By chance, flawed
When you visit this blog, your computer sends a message to the computer that hosts this site. That computer, in turn, responds with the priceless content currently being displayed by your web browser. This simple exchange, in essence, is the purpose of the internet; it provides a way for computers to talk.
With so very many computers in the world, they cannot all be connected directly. Instead, messages between computers are routed around the globe by a glorious web of intermediary computers, all working in tandem to get billions of information packets to their intended destinations. If it helps, you can imagine the whole network as an electronic version of UPS.
The beauty of this system is that it is decentralized, efficient, and robust. Lots of computers are all working together to send lots of information, and there is no single point of failure. A concern, however, is privacy. When your computer sends a message, the random assortment of computers that help deliver your message all have a chance to take a peek. If you are merely visiting this website, eavesdropping is hardly a concern. The content of this site is public, so there’s no problem with some nosey computer reading the site’s content en route. Sometimes, however, your computer needs to send private information over the internet.
What if you send Google your Gmail password? Or log in to your employer’s computer system? Or give Amazon your credit card number? In all of these cases, the message your computer is sending needs to be kept secret. What’s needed is a way to put the message in some kind of “locked box”, and that’s where cryptography comes in. When private information is sent, the computers involved can encode their messages using some slightly fancy mathematics. When done properly, only those two computers will be able to decode each other’s messages (i.e. open each other’s boxes). The intermediate computers routing their messages will no longer be able to read their content.
Lots of folks write software that sends information over the internet, but most of these people are not about to learn how to write cryptographic protocols for securely sending messages in mathematically sealed boxes. Fortunately for everyone, there are standard tools available. One of them, called OpenSSL, implements a secure message transmission protocol called SSL (and its successor, TLS).
Your computer uses SSL every time you visit a web address that begins with “https:” (instead of the standard “http:”). When you see the “s”, it means that the messages your computer is sending and receiving are encrypted (i.e. inside a locked box) on their way across the network. If you tell Google your Gmail password, and both computers are following the SSL protocol properly, your password will be safe from snoopers. Almost all software that sends private information over the internet relies on SSL. This (at least!) brings me to the point of this post.
Last week, the folks who maintain Debian, a popular version of Linux, announced that they had mistakenly altered OpenSSL. As a result, for nearly two years (the altered version shipped in September 2006), programs running on a computer using Debian Linux (or a related distribution such as Ubuntu), and relying on OpenSSL, were critically flawed. Such programs were drawing their random keys, both the short-lived keys that protect a single connection and the long-lived keys behind SSL certificates and SSH logins, from a very small pool of possibilities: the only unpredictable ingredient left was the process ID, which on Linux takes at most 32,767 values. Encrypted information could therefore be decrypted (i.e. unlocked) by simply testing every possible key. In other words, it’s as if OpenSSL, running on Debian Linux, was choosing all of its passwords from a very small dictionary.
Now most people use Windows or Mac OS X at home and at work, but many websites (and other internet services) run on computers using Linux, since it’s free and open source. When your computer sends secure information over the internet, however, you rely not only on your own computer’s ability to use SSL correctly, but also on the computer you are communicating with. That computer is very likely to be running Linux, and though only certain versions of Linux were affected, this recent discovery speaks to a very serious problem. This recent (and massive) security flaw was introduced when a poorly informed developer (lots more info here, also here) commented out a grand total of two (2) lines of code. (and if you’re curious how this poor schlub got his position in the first place, here’s your answer)
If you care to read this discussion thread (which is quite technical), you’ll discover that the lines in question were causing a software debugging tool called Valgrind to report errors. Valgrind flags any use of memory that a program has not yet written to, since normally when a program reads uninitialized memory it is a mistake. OpenSSL was doing this on purpose: the leftover contents of an uninitialized buffer were being stirred into its pool of randomness as a cheap extra source of unpredictability. The trouble is that the two lines were identical in form, and only one of them was reading uninitialized memory; the other was the line that mixed the real seed material (read from the operating system’s random number source) into the pool every time OpenSSL was seeded. When the developer commented both lines out, OpenSSL stopped absorbing any seed material at all, and the only thing that still varied from one run to the next was the process ID. As a result, internet-related programs running on Debian Linux were all encrypting messages using a very small number of keys, which in turn made the encrypted data very easy to unlock (provided the eavesdropper was aware of this shortcoming).
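To make the “very small dictionary” concrete, here is an added toy model of the flaw and of the eavesdropper’s brute force against it. This is illustration code written for this post, not OpenSSL’s code or Debian’s patch: OpenSSL’s real pool used MD5 and a more involved mixing loop, and here a single SHA-256 over the inputs stands in for all of that, so the names (derive_key_healthy, derive_key_debian, public_part, recover_key) and the structure are assumptions. The one number taken from reality is the PID range: Linux’s default pid_max of the era was 32768, so process IDs ran from 1 to 32767.

```python
"""Toy model of the Debian weak-key flaw: a generator whose only varying
input is the process ID, and the eavesdropper's brute force against it.

Constructed illustration only (not OpenSSL code). OpenSSL's real pool
used MD5 and a more involved mixing loop; SHA-256 over the inputs stands
in for all of that so the effect of dropping the seed is plain to see.
"""
import hashlib
import os
from typing import Callable, Optional, Tuple

# Linux's default pid_max at the time was 32768, so PIDs ran 1..32767.
MAX_PID = 32767

Generator = Callable[[bytes, int], bytes]


def derive_key_healthy(seed_material: bytes, pid: int) -> bytes:
    """Correct behaviour: the key depends on the seed (e.g. bytes read from
    /dev/urandom) as well as the PID, so guessing the PID alone is useless."""
    return hashlib.sha256(seed_material + pid.to_bytes(4, "little")).digest()


def derive_key_debian(seed_material: bytes, pid: int) -> bytes:
    """Flawed behaviour: the seed is read but never mixed into the pool
    (the effect of the commented-out line in the seeding routine), so the
    PID is the only input that differs between runs."""
    del seed_material  # fetched from the OS, then silently dropped
    return hashlib.sha256(pid.to_bytes(4, "little")).digest()


def public_part(key: bytes) -> bytes:
    """Stand-in for what an eavesdropper can observe: a public key or a
    ciphertext, i.e. some deterministic function of the secret key."""
    return hashlib.sha256(b"observable:" + key).digest()


def recover_key(observed: bytes, generator: Generator) -> Optional[Tuple[int, bytes]]:
    """Eavesdropper's attack: regenerate the key for every possible PID and
    keep the one whose public part matches what was observed. The attacker
    does not know the seed, so an empty seed is supplied; against the
    healthy generator that guess is wrong and the search comes up empty."""
    for pid in range(1, MAX_PID + 1):
        candidate = generator(b"", pid)
        if public_part(candidate) == observed:
            return pid, candidate
    return None


def demo(pid: int = 4242) -> dict:
    """Generate one key with each generator from genuinely random seed
    material and report whether the PID-only brute force recovers it."""
    seed = os.urandom(32)  # constructed: fresh seed, as /dev/urandom would give
    weak = derive_key_debian(seed, pid)
    strong = derive_key_healthy(seed, pid)
    return {
        "weak_key": weak,
        "weak_recovered": recover_key(public_part(weak), derive_key_debian),
        "strong_recovered": recover_key(public_part(strong), derive_key_healthy),
    }


if __name__ == "__main__":
    result = demo()
    found_pid, _ = result["weak_recovered"]
    print(f"flawed generator: key recovered after trying PID {found_pid}")
    print(f"healthy generator: {result['strong_recovered']}")
```

Against the flawed generator the search finishes in a fraction of a second on any laptop; against the healthy one it never matches, because the attacker would have to guess the seed too. In the real incident the keys also depended on whether the machine was 32- or 64-bit, so the published lists of weak keys were built per architecture and key size, each still only 32,767 entries long.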
In the world of computers, finding a security flaw is not uncommon, and I wouldn’t normally spend time writing such a long post about such a technical subject. My concern, however, is that this security flaw has not gotten any attention outside of the world of nerdy websites. It seems to me that a computer security flaw of this magnitude (and of course the potential for even larger flaws) is a public policy issue.
A typical security flaw allows an intruder to gain access to a single computer, or perhaps a computer network, but this flaw does all that and more. With so many computers affected for such a long period of time, you have a real potential for economic disruption (dare I say, even a cyberattack).
Furthermore, data encrypted by faulty versions of OpenSSL remains vulnerable even now that the flaw has been discovered (and, hopefully, fixed on most computers). Installing the fix is not enough on its own: every key generated during the flawed period has to be thrown away and regenerated, and any password that travelled under one of those keys should be changed, which is why Debian also shipped lists of the known weak keys along with a tool (ssh-vulnkey) for checking them. If someone were monitoring and recording encrypted internet communication (I imagine China does this), they could retroactively use information about the OpenSSL flaw to decrypt all sorts of recorded data. Not only would private information be revealed, but compromised passwords would make additional computer systems vulnerable. Incidentally, there are methods for ensuring that encoded information cannot be decrypted retroactively (cryptographers call the property forward secrecy; it comes from negotiating a fresh, throwaway key for every connection), but these methods were not necessarily used by servers running OpenSSL, and they would not have helped here in any case, since the throwaway keys came from the same broken random number generator.