1046045 – (CVE-2007-6755) CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator

Bug 1046045 (CVE-2007-6755) - CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator

Summary: CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2007-6755
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1046046
TreeView+	depends on / blocked

Reported:	2013-12-23 11:20 UTC by Ratul Gupta
Modified:	2021-02-17 07:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-02 21:21:26 UTC
Embargoed:

Attachments	(Terms of Use)

Description Ratul Gupta 2013-12-23 11:20:59 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6755 to the following vulnerability:

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

References:
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

Comment 2 Tomas Hoger 2014-01-02 21:21:26 UTC

Cryptography libraries shipped as part of Red Hat products did not include support for Elliptic Curve Cryptography, which is used by the Dual EC DRBG, until recently.  Red Hat Enterprise Linux 6.5 add support of ECC into openssl and nss packages, limiting support to Suite B curves and their use in TLS.  Dual EC DRBG is not implemented in either of those packages.

OpenSSL upstream recently issued an announcement describing how the library uses Dual EC DRBG:

http://thread.gmane.org/gmane.comp.encryption.openssl.announce/113
https://lwn.net/Articles/578375/

This PRNG algorithm was only implemented for OpenSSL version that went through the FIPS validation, it never was part of the standard non-FIPS upstream OpenSSL version.  Additionally, OpenSSL implementation contained a bug that preventing it from working in non-test use cases.  Due to that, upstream believes that this implementation wasn't used in practice.  Rather than fixing implementation bug, Dual EC DRBG was removed from OpenSSL and will not be included in the future OpenSSL FIPS module versions:

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=200f249

The openssl packages shipped with Red Hat Enterprise Linux did not include Dual EC DRBG implementation, not even in versions that were FIPS  validated.

Statement:

Not vulnerable. This issue did not affect cryptography library packages as shipped with Red Hat products, as they do not implement Dual EC DRBG algorithm.

Note You need to log in before you can comment on or make changes to this bug.