Saturday, 21 June 2008

OpenSSL 0.9.8g released, the most powerful open source encryption system

Maria Susana Diaz | 21:34 |
OpenSSL 0.9.8g is the most powerful open source encryption system for protecting data and network connections.

OpenSSL as a whole consists of a set of encryption functions and numerous utilities that make it possible to use them in practice.

With this toolkit you can send encrypted e-mail, communicate securely over the Internet and protect your most important files from prying eyes.

OpenSSL is an open source implementation of the SSL and TLS protocols. The core libraries (written in C) perform the main cryptographic functions.
Routines that give access to the functions of the OpenSSL library are available in the various programming languages.

It is available for most Unix-like operating systems, including GNU/Linux and Mac OS X, and also for Microsoft Windows. OpenSSL was originally based on the SSLeay libraries by Eric Young and Tim Hudson.

On 13 May 2008 a serious security problem was discovered in the OpenSSL package of Debian GNU/Linux. The version shipped in Debian, Ubuntu and other derived distributions was generating vulnerable keys.

A fix dating from September 2006 had removed the code that used uninitialized parts of memory to increase the entropy of the key generator, leaving only the process number as the variable value. This change had reduced the number of keys that could be generated from 2^1024 or 2^2048 to just 2^15, that is, only 32768 possible values.

This bug was quickly fixed, but all keys generated on Debian and derived systems in the meantime should be regenerated.
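
The audit this implies, as an added example (not part of the original post, and not OpenSSL or Debian code): when the process ID is the only varying input, every key the generator can produce can be listed in advance, so an inventory of existing keys can be checked against that list to decide which ones to regenerate. The function toy_keygen is a constructed stand-in for the real generator, and the host names and the PID 4242 are hypothetical.

```python
import hashlib
import math
import secrets

PID_SPACE = 2 ** 15  # the page's figure: 32768 possible process IDs


def toy_keygen(pid: int, bits: int = 1024) -> bytes:
    """Constructed stand-in for a generator whose only varying input is the PID.

    This is NOT OpenSSL's PRNG: SHAKE-256 simply stretches the seed
    deterministically to the requested key length.
    """
    seed = b"constructed-toy-seed|" + pid.to_bytes(2, "big")
    return hashlib.shake_256(seed).digest(bits // 8)


def fingerprint(key: bytes) -> str:
    """SHA-256 fingerprint used to compare keys without storing them."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist(bits: int = 1024) -> set:
    """Fingerprint every key the PID-only generator can ever emit."""
    return {fingerprint(toy_keygen(pid, bits)) for pid in range(PID_SPACE)}


def effective_bits(blocklist: set) -> float:
    """Real entropy of the key space, whatever the nominal key length."""
    return math.log2(len(blocklist))


def audit(keys: dict, blocklist: set) -> list:
    """Return the names of keys that must be regenerated."""
    return sorted(n for n, k in keys.items() if fingerprint(k) in blocklist)


def sample_keys() -> dict:
    """Constructed inventory: one predictable key, one properly seeded key."""
    return {
        "host-a": toy_keygen(4242),          # made while only the PID varied
        "host-b": secrets.token_bytes(128),  # seeded from the OS CSPRNG
    }


if __name__ == "__main__":
    bl = build_blocklist()
    print(f"nominal 1024-bit keys, effective entropy: {effective_bits(bl):.0f} bits")
    print("regenerate:", audit(sample_keys(), bl))
```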

Requirements

Minimum system requirements:
· 32MB RAM
· 200MHz CPU
· 20MB hard drive space

Recommended system requirements:
· 128MB RAM
· 500MHz CPU
· 50MB hard drive space

CVS Repository

The OpenSSL package is developed in a CVS-based repository which is directly available through the RSYNC service on dev.openssl.org and as snapshot tarballs through FTP on ftp.openssl.org for those people who either want to always stay at the bleeding edge or even want to participate in the development of OpenSSL. But use such repository snapshots only when you like to see OpenSSL dump core and you can help yourself in case of problems, of course.
Fetching CVS repository snapshot tarballs
Tarballs containing snapshots of the latest CVS repository states can be found under ftp://ftp.openssl.org/snapshot/. They are created on a daily basis. These snapshots are provided for convenience only. When you really want to keep yourself up-to-date please use the bandwidth-friendly RSYNC service to directly mirror the CVS repository instead.
Anonymous CVS access over ssh
Read-only access to the repository is possible using anonymous CVS over ssh. For example, the following command will check out the HEAD:

$ cvs -d anonymous@cvs.openssl.org:/openssl-cvs co openssl

Using your own local CVS repository mirror
You can also establish a local copy of the repository through the RSYNC service and then check out the source tree from that. This has some advantages: using RSYNC is faster than plain CVS or even CVSup access (because RSYNC saves bandwidth by using compression, the client is easy to install and the algorithm used is very fast), and only with a local repository copy can you actually work reliably and without delays (think about a cvs diff over the network).

1. Make sure you have the excellent RSYNC client program (`rsync') installed on your system. If not, please grab the RSYNC distribution first and install it. You can find RSYNC on http://samba.anu.edu.au/rsync/ and ftp://samba.anu.edu.au/pub/rsync/. We recommend that you install version 2.2.1 or higher.

2. Make sure you have the CVS program (`cvs') installed on your system. If not, please grab the CVS distribution first and install it. You can find CVS on http://www.cyclic.com/cvs/info.html and ftp://download.cyclic.com/pub/. We recommend that you install version 1.10.4 or higher.

3. With the following command you now can check which packages are available through the RSYNC service from dev.openssl.org:

$ rsync rsync://dev.openssl.org/

Here the openssl-cvs package is what you usually want to mirror. It contains the complete CVS repository and is currently about 10 MB in size.

4. Now you have to decide to which local directory you want to mirror the OpenSSL CVS repository, say /home/openssl/cvs/. Then all you have to do is set up a Cron job which regularly runs the following command:

$ rsync -rztpv --delete \
rsync://dev.openssl.org/openssl-cvs/ \
/home/openssl/cvs/

5. Finally you now can checkout your working copy of the CVS development tree into a directory, say /home/openssl/work/:

$ cvs -d /home/openssl/cvs co -d /home/openssl/work openssl

Now you have a directory /home/openssl/work/openssl/ which contains the OpenSSL source tree.

6. While development goes on you usually want to synchronize with the latest file revisions from the OpenSSL project. The RSYNC Cron job keeps your local repository copy up-to-date, but for checked out working tree you have to run the following command:

$ cd /home/openssl/work
$ cvs update -P -d .

This does actually more: When you have done local modifications to the OpenSSL sources they get merged with the updated revisions from the local repository. With this you can keep your local modifications for OpenSSL in a very handy way.

BUT REMEMBER: Because the RSYNC Cron job every time makes your local repository copy an exact mirror of the original repository on dev.openssl.org, never check in your modifications to the local repository. They get lost on the next RSYNC update! But keeping modifications in the checked out files is safe. You just have to solve some merging conflicts from time to time via cvs update.

Inserting the OpenSSL tree into an existing CVS repository
When you already have an existing local CVS repository established (for instance by mirroring another CVS repository), say with a $CVSROOT of /home/whatever/cvs/, you can also just insert the OpenSSL development tree as a subdirectory into this existing repository. Just use this command instead of the one above:

$ rsync -rztpv --delete \
rsync://dev.openssl.org/openssl-cvs/openssl/ \
/home/whatever/cvs/openssl/

Now you can check out the OpenSSL development tree from the existing CVS repository via:

$ cvs -d /home/whatever/cvs co openssl