Description of problem:
The random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

More links:
http://blog.cacert.org/2008/05/302.html
http://blog.cacert.org/2008/05/300.html
http://wiki.debian.org/SSLkeys

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
CAcert is currently implementing a global Hash-Server:
http://wiki.cacert.org/wiki/HashServer
http://hashserver.cacert.org/
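
Why a predictable generator makes it practical to recognise affected keys by hash, shown as an added example that is not part of the original report and is not CAcert's Hash-Server code. It assumes a simplified toy model in which key material depends only on the process ID (the known root cause of CVE-2008-0166 left the PID as the only varying seed input). The names `toy_keygen`, `build_blocklist` and `is_weak` are hypothetical.

```python
import hashlib
import os
import random

# Assumption: default Linux pid_max, so PIDs fall in 1..32767.
PID_MAX = 32768


def toy_keygen(pid: int, bits: int = 128) -> bytes:
    """Toy stand-in for key generation on an affected system.

    The output is a pure function of the PID, which models a generator
    whose only varying seed input is the process ID. This is not real
    OpenSSL key generation.
    """
    rng = random.Random(pid)
    return rng.getrandbits(bits).to_bytes(bits // 8, "big")


def fingerprint(key: bytes) -> str:
    """Hash of the key material, so the list never has to hold the keys."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist(bits: int = 128) -> set:
    """Enumerate every key the toy generator can produce and store its hash.

    The whole key space is at most PID_MAX - 1 entries, which is why a
    complete list of weak-key hashes is feasible at all.
    """
    return {fingerprint(toy_keygen(pid, bits)) for pid in range(1, PID_MAX)}


def is_weak(key: bytes, blocklist: set) -> bool:
    """True if the submitted key matches a hash from the enumerated space."""
    return fingerprint(key) in blocklist


if __name__ == "__main__":
    blocklist = build_blocklist()
    affected = toy_keygen(4242)   # constructed sample: key from an affected host
    healthy = os.urandom(16)      # constructed sample: key from a sound generator
    print("distinct weak keys:", len(blocklist))
    print("affected key flagged:", is_weak(affected, blocklist))
    print("healthy key flagged:", is_weak(healthy, blocklist))
```

On real systems the set of possible keys also varied with key type, key size and architecture, so the actual lists were larger than this model's, but still small enough to enumerate.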