Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)

Date: Thu, 15 May 2008 01:53:55 +0200
From: "Steinar H. Gunderson" <sgunderson@xxxxxxxxxxx>
Subject: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)

On Wed, May 14, 2008 at 06:22:37PM -0500, Steve Greenland wrote:
>> Therefore, anyone who had a DSA key has had it compromised...
> Shouldn't that be "anyone who had a DSA key *created by the flawed
> version of openssl* has had it compromised..."? Or are you asserting
> something stronger?

No. Any key who had a single DSA signature created by the flawed version of
OpenSSL should be considered compromised. DSA requires a secret, random
number as part of the signature process; if someone figures it out, or you
use the same number twice, the entire secret key falls.

/* Steinar */
-- 
Homepage: http://www.sesse.net/

-- 
To UNSUBSCRIBE, email to debian-devel-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: nicolas vigier

References:
- SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: Ben Finney
- Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: brian m. carlson
- Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: Steve Greenland

Prev by Date: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Next by Date: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Previous by thread: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Next by thread: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Index(es):
- Date
- Thread

lists-archives.org

Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)