> On Tue, 2008-08-19 at 16:04 +0200, Patrice Dumas wrote:
>> Hello,
>>
>> I just received the reset password mail, and it asks me to reset my ssh
>> key by doing ssh-keygen. However, if I recall well I only uploaded my
>> public key to the fedora server. Why would I want to reset my key pair?
>>
>> Maybe I am not one of the users who should reset their key, but I am
>> almost sure that I sent the public key to the fedora server, and it
>> seems to me that it is used for cvs access. So it is unclear if
>> I 'do not use a SSH key in the Fedora Account System'.
>>
>> Am I missing something? Can anybody clarify?
>
> DSA keys can be compromised if the server you connect to is compromised.
> See discussions about the recent openssl debacle for debian.
>
> If your key is an RSA one, to date it seems you shouldn't have problems
> even if a peer server is compromised as long as your private key was not
> directly exposed.
>
> a BIG AFAIK.

My understanding is that RSA is "secure enough*" if your key is 2048 bit or higher, which incidentally is what the Inf team specified. Not sure about DSA/DSS in terms of the compromise issue you specify. IIRC, the Debian issue was about the random seed no longer being random due to a packaging error.

*i.e. unless No Such Agency really, really wants your bits

> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>

--
novus ordo absurdum
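The two properties discussed in this thread (DSA versus RSA, and RSA size of 2048 bits or higher) can be read straight from a public key. The following is an added example, not part of any message in the thread: it parses authorized_keys-style lines and reports key type and size. The function names and the sample keys it builds are constructed for illustration and are not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # size named in the thread

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + n])
        off += n
    return fields

def audit_line(line):
    """Return (key_type, bits, verdict) for one authorized_keys-style line."""
    parts = line.split()
    # A simple options field may precede the type, so search for the type token.
    idx = next((i for i, p in enumerate(parts) if p in ("ssh-rsa", "ssh-dss")), None)
    if idx is None or idx + 1 >= len(parts):
        return (None, 0, "skipped: not an RSA/DSA key line")
    fields = read_fields(base64.b64decode(parts[idx + 1]))
    ktype = fields[0].decode("ascii", errors="replace")
    if ktype != parts[idx] or len(fields) < 3:
        return (ktype, 0, "reject: malformed or mislabeled key blob")
    if ktype == "ssh-dss":
        bits = int.from_bytes(fields[1], "big").bit_length()  # field 1 is p
        return (ktype, bits, "flag: DSA key")
    bits = int.from_bytes(fields[2], "big").bit_length()  # ssh-rsa: e, then n
    verdict = "ok" if bits >= MIN_RSA_BITS else "flag: RSA below 2048 bits"
    return (ktype, bits, verdict)

def mpint(v):
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # spare top byte keeps it positive
    return struct.pack(">I", len(raw)) + raw

def constructed_line(ktype, bits, comment):
    """Build a well-formed but cryptographically meaningless sample line."""
    big = (1 << (bits - 1)) | 1  # constructed number of the requested size
    nums = [65537, big] if ktype == "ssh-rsa" else [big, 3, 2, 5]
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + b"".join(mpint(n) for n in nums)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"
```
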