Re: OpenSSL/SSH Bug on Debian - Compromised key pairs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, May 15, 2008 at 2:19 PM, Daniel de Kok <me@xxxxxxxxxxxx> wrote:
> Yes, it is very important to follow up on this issue as soon as you
> can (now) to see if any of your keys or those of your users are
> affected. Additionally, it should be noted that in the case of *DSA*
> keys, this can even affect users who do have good keys but used them
> to communicate with a Debian server with the botched OpenSSL.

Jikes, rereading this, this does not seem accurate at all. Let me just
quote the advisory:

"Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation."

Take care,
Daniel
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux