

If you're using Ruby trunk, regenerate your keys - peterhajas
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633

======
tptacek
A "counting bits" vs. "counting bytes" bug. Isn't crypto fun?

~~~
jrockway
Software that doesn't work goes far beyond crypto algorithms.

~~~
tptacek
That attitude is why we have so many crypto bugs. Crypto is (usually)
software, and _no_ software works 100% of the time.

------
forsaken
How common of a practice is it in the Ruby community to run the trunk version?
Is it mainly just developers, or is it pretty widely used in
production/development environments?

~~~
timsally
RVM, which is a standard tool to manage Ruby versions, does expose trunk:

    
    
      mil:~ poet$ rvm list known_strings | grep ^ruby
      ruby-head
      ruby-1.9.3-rc1
      ruby-1.9.3-preview1
      ruby-1.9.3-head
      ruby-1.9.2-p290
      ruby-1.9.2-p180
      ruby-1.9.2-head
      ruby-1.9.1-p431
      ruby-1.9.1-p378
      ruby-1.9.1-head
      ruby-1.8.7-p352
      ruby-1.8.7-head
      ruby-1.8.6-p420
      ruby-1.8.6-head
    

However, in my anecdotal experience most people run patch releases.

------
JoshTriplett
Yikes, this seems about as serious as the Debian OpenSSL bug a while back: key
generation appears to work, but produces easily broken keys.

~~~
tptacek
This is nowhere remotely nearly as bad as Debian's bug, which broke the
_underlying library_ underpinning most of the crypto on Linux, and broke _the
most universally sensitive component of that library_.

~~~
JoshTriplett
Both cases cause key generation to produce weak, easily broken keys. I agree
that far less software does key generation with Ruby than with OpenSSL, but
that aside the severity of the bug seems quite similar.

~~~
kamkha
While the effects caused by each bug might be on a similar level, I would
argue that the fact that this particular bug was never released in a patch (I
don't think I've ever seen anyone using Ruby trunk outside of those hacking
the Ruby interpreter) makes it less severe.

------
adgar
Luckily, the set of people affected is actually the intersection of people
running Ruby trunk and people using Ruby's libraries to generate keys.

------
nknight
Could someone please explain to me what this code is doing in the Ruby tree in
the first place?

My uses of OpenSSL in straight C don't involve performing this kind of bit
twiddling, or really any bit twiddling, calculation, or manipulation at all.
That's kind of the point of using OpenSSL.

~~~
jtdowney
Since the OpenSSL::PKey::RSA.generate method lets you generate RSA keys with a
different exponent, there is some manipulation needed between the Ruby side and
OpenSSL. From my understanding, the code was part of a refactor to release the
global interpreter lock, if possible, while generating RSA keys.
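
An added example, not part of the thread and not the code from the linked revision: a constructed Ruby model of the "counting bits" vs. "counting bytes" slip, applied to copying a public exponent into a bignum, plus a check you can run on an existing key's exponent. `WORD_BYTES`, the function names, and the toy modulus are assumptions made for the illustration.

```ruby
# Constructed model of a bits-vs-bytes slip; not the code from the linked revision.
WORD_BYTES = 8 # assumed sizeof(unsigned long) on a 64-bit build

# Rebuild an exponent by testing its low `bit_count` bits one at a time,
# the way a machine word is copied into a bignum.
def copy_exponent(exp, bit_count)
  (0...bit_count).reduce(0) { |acc, i| exp[i] == 1 ? acc | (1 << i) : acc }
end

def copy_exponent_correct(exp)
  copy_exponent(exp, WORD_BYTES * 8) # loop bound counted in bits
end

def copy_exponent_buggy(exp)
  copy_exponent(exp, WORD_BYTES)     # loop bound counted in bytes: only 8 bits scanned
end

# Textbook RSA (no padding), only to show what the exponent does.
def textbook_encrypt(m, e, n)
  m.pow(e, n)
end

# Defensive check on a public exponent. For a real key, pass key.e.to_i
# from an OpenSSL::PKey::RSA object.
def exponent_findings(e)
  findings = []
  findings << "e is 1: ciphertext equals plaintext" if e == 1
  findings << "e is even: not invertible modulo phi(n)" if e.even?
  findings << "e is less than 1" if e < 1
  findings
end

if __FILE__ == $PROGRAM_NAME
  n = 61 * 53 # toy modulus, constructed for the demo
  [3, 17, 65_537].each do |e|
    got = copy_exponent_buggy(e)
    puts format("requested e=%-6d correct copy=%-6d buggy copy=%-6d findings=%p",
                e, copy_exponent_correct(e), got, exponent_findings(got))
  end
  puts "m=65, e=17 -> #{textbook_encrypt(65, 17, n)}"
  puts "m=65, e=1  -> #{textbook_encrypt(65, 1, n)}"
end
```

In this model, exponents that fit in the low 8 bits survive the truncated loop unchanged, so key generation looks healthy unless the exponent itself is inspected.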

