Connect with us

Hi, what are you looking for?



OpenBSD Downplays PRNG Vulnerability in LibreSSL

LibreSSL, the open-source implementation of the SSL/TLS protocol forked from OpenSSL, is unsafe on Linux due to a flaw in the pseudorandom number generator (PRNG), a researcher said this week. However, the OpenBSD Project, which develops LibreSSL, believes the issue has been overblown.

LibreSSL, the open-source implementation of the SSL/TLS protocol forked from OpenSSL, is unsafe on Linux due to a flaw in the pseudorandom number generator (PRNG), a researcher said this week. However, the OpenBSD Project, which develops LibreSSL, believes the issue has been overblown.

According to Andrew Ayer, founder of secure backup service Opsmate, the PRNG in LibreSSL is less safe than the one in OpenSSL. The expert developed a test program which he linked to both OpenSSL and LibreSSL. In each case, he made two different calls to the RAND_bytes method, but in the case of LibreSSL, the same data was retuned both times, which according to Ayer, is “a catastrophic failure of the PRNG.”

Representatives of the OpenBSD Project have confirmed that it is a real issue, but they believe it’s far from being a “catastrophe,” arguing that the test code which demonstrates the problem is “very much unlike real server code.”

“Real software just isn’t written like the test code, so it’s very difficult to find a realistic situation where PID wrap would be an issue, more so to find a way that it would be realistically exploitable. So saying this is ‘unsafe’ on Linux, while technically correct, is a bit of a stretch. A ‘catastrophe’ – well, that’s pretty far out there, especially when compared to the recent OpenSSL issues,” OpenBSD developer Bob Beck told SecurityWeek.

Ayer admits that the program he created might be unrealistic, but he points out that “attackers often find extremely creative ways to manufacture scenarios favorable for attacks, even when those scenarios are unlikely to occur under normal circumstances.”

On Wednesday, the OpenBSD Project released LibreSSL 2.0.2 portable to patch the vulnerability. OpenBSD founder Theo De Raadt told SecurityWeek that the bug has been fixed by adding an additional mechanism to detect process rollover.

“We’re happy to have issues like this found – we expect to have small issues like this crop up, we want the code out there so they can be found and we can fix them, and in this case we already have,” Beck said.

“The LibreSSL-portable releases are still being handed out as trials, precisely to get reports like this and then fix them,” De Raadt explained.

Advertisement. Scroll to continue reading.

LibreSSL has been in the works since April, shortly after the existence of the OpenSSL vulnerability known as Heartbleed came to light. Over 90,000 lines of code were removed from OpenSSL in the first week, including unused code and support for older operating systems. The first release of LibreSSL portable, version 2.0.0, was made available on July 11, when the OpenBSD Project urged the community to start using it and provide feedback.

In June, Google announced its intention to fork OpenSSL to create its own security library, dubbed BoringSSL. At the time, Google and OpenBSD agreed to collaborate.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.