Florian Heigl wrote:
> Hi,
>
> as most are probably aware debian had a little "Oops" concerning
> openssl
> (http://wiki.debian.org/SSLkeys#head-49a0007d742a0fcc4742d630456fecc08016fbb8).
> unfortunately there is no mention of Bacula in their wiki so far.
>
> Does anyone know if
> - one should bother redoing the Bacula SD/DIR/FD/Console pass strings?
> (they're done using openssl, and so far i thought they look quite
> random
>
From what I can tell, the MD5 strings *should* be safe. That said, I
certainly wouldn't recommend against updating them.
> - someone already made scripts for regenerating the SSL/TLS keys for
> people that use this for bacula
Really, you're just going through the same process that you used in the first
place to generate the certificates. Just pretend that they all expired at the
same time, and regenerate them.
> - people who used SD encryption might want to migrate / re-encrypt as
> this might (i dont know!) be more susceptible for the weakness
Absolutely. Unless I've completely misunderstood it, data encryption still
uses openssl created certificates to secure the data, so they will be subject
to the same risk.
In other words, this vulnerability puts any encrypted Bacula volumes at risk.
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
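
As an added example (not part of the original thread and not Bacula project code): a small Python inventory of the directives in a Bacula configuration that reference OpenSSL-generated key files or hold password strings, so that each one can be regenerated as the reply suggests. The sample configuration, its names and paths, and the chosen directive list are assumptions constructed for illustration.

```python
import re

# Directives that point at OpenSSL-generated key material (TLS and
# File Daemon data encryption) or hold a shared password string.
KEY_DIRECTIVES = {"tlscertificate", "tlskey", "pkikeypair", "pkimasterkey"}
PASSWORD_DIRECTIVES = {"password"}

# Constructed sample bacula-fd.conf fragment; names and paths are placeholders.
SAMPLE_FD_CONF = '''
Director {
  Name = backup-dir
  Password = "constructed-example-password"   # shared with bacula-dir.conf
  TLS Enable = yes
  TLS Certificate = /etc/bacula/tls/fd-example.pem
  TLS Key = "/etc/bacula/tls/fd-example.key"
}
FileDaemon {
  Name = client1-fd
  PKI Signatures = Yes
  PKI Encryption = Yes
  PKI Keypair = "/etc/bacula/pki/fd-example.pem"
  PKI Master Key = /etc/bacula/pki/master.cert
}
'''

# name = value, where value is either "quoted" or a bare token.
LINE = re.compile(r'^\s*([A-Za-z][A-Za-z ]*?)\s*=\s*("([^"]*)"|[^#;\s]+)')

def inventory(conf_text):
    """Return (key_files, password_count) found in one Bacula config."""
    key_files, passwords = [], 0
    for raw in conf_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # resource headers, braces, comments, blank lines
        # Bacula ignores case and spaces in directive names.
        name = m.group(1).replace(" ", "").lower()
        value = m.group(3) if m.group(3) is not None else m.group(2)
        if name in KEY_DIRECTIVES:
            key_files.append((m.group(1), value))
        elif name in PASSWORD_DIRECTIVES:
            passwords += 1
    return key_files, passwords

if __name__ == "__main__":
    files, pw = inventory(SAMPLE_FD_CONF)
    for directive, path in files:
        print(f"regenerate: {directive:16} {path}")
    print(f"password strings to review: {pw}")
```

Run it over each daemon's configuration (Director, Storage, File Daemon, Console) to build the list of files and passwords to replace.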