Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
- Date: Thu, 15 May 2008 15:20:10 +0200
- From: Thijs Kinkhorst <thijs@xxxxxxxxxx>
- Subject: Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
On Thursday 15 May 2008 14:04, Martin Uecker wrote:

> If I understand this correctly, this means that not only should keys
> generated with the broken ssl lib be considered compromised, but all
> keys which were potentially used to create DSA signatures by those
> broken libs.
>
> In this case, the security advisory should clearly be updated.

The original advisory has this text:

"Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation."

I read there exactly the thing you describe above. What is your suggestion?

> And all advice about searching for weak keys should be removed as well,
> because it leads to a false sense of security. In fact, *all* keys used
> on Debian machines should be considered compromised.

The reasoning above does not go for the more common RSA keys, so this advice would not be appropriate I think.

> I also wonder, what will the Debian community change in their
> processes to make such a security disaster less likely in the
> future?

You mean less likely than once in 15 years? We're open to your suggestions.

Thijs
Attachment:
pgpFtDlnsEY0K.pgp
Description: PGP signature
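The advisory sentence quoted in the mail ("the Digital Signature Algorithm relies on a secret random value used during signature generation") is the whole reason a DSA key that was merely *used* on an affected host counts as compromised, while an RSA key only counts if it was *generated* there. The following toy DSA, added here as an illustration and not code from the thread or from Debian, makes that arithmetic concrete: the signing equation s = k^-1 (h + x r) mod q can be solved for the private key x as soon as the per-signature nonce k is known, from one signature alone. The parameters (p = 607, q = 101), the private key and the message are constructed values chosen for readability; they provide no security.

```python
"""Toy DSA showing why a predictable signing nonce exposes the private key.

Constructed example: tiny parameters, fixed keys and messages. Real DSA
uses 2048-bit p and a 224- or 256-bit q, but the algebra is identical.
"""
import hashlib

P, Q = 607, 101                 # constructed: Q is prime and divides P - 1 (606 = 6 * 101)
G = pow(2, (P - 1) // Q, P)     # generator of the order-Q subgroup of Z_P^* (evaluates to 64)


def hash_to_int(message: bytes) -> int:
    """Reduce the message digest into the group, as DSA truncates its hash to q bits."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def keygen(x: int):
    """Public key y = g^x mod p for a private exponent x in [1, q-1]."""
    return x, pow(G, x, P)


def sign(x: int, message: bytes, k: int):
    """Standard DSA signing. k MUST be a fresh, uniformly random secret per signature;
    here the caller supplies it so the effect of a known k can be demonstrated."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (hash_to_int(message) + x * r)) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, retry with a different k")
    return r, s


def verify(y: int, message: bytes, sig) -> bool:
    """Standard DSA verification: recompute r from the public key only."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (hash_to_int(message) * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r


def private_key_from_known_nonce(message: bytes, sig, k: int) -> int:
    """Rearrange s = k^-1 (h + x r) mod q into x = (s k - h) r^-1 mod q.
    This is why a nonce from a broken PRNG compromises the key that used it:
    no key-generation flaw is needed, one signature and the nonce suffice."""
    r, s = sig
    return ((s * k - hash_to_int(message)) * pow(r, -1, Q)) % Q


def demo(x: int = 42, message: bytes = b"constructed message"):
    """Sign with a known nonce, check the signature verifies normally,
    then show the private key falls out of the signature and the nonce.
    Returns (signature_valid, private_key_recovered)."""
    _, y = keygen(x)
    for k in range(1, Q):           # any non-degenerate k serves the illustration
        try:
            sig = sign(x, message, k)
        except ValueError:
            continue
        return verify(y, message, sig), private_key_from_known_nonce(message, sig, k) == x


if __name__ == "__main__":
    print(demo())                   # (True, True)
```

Note what the block does not show: nothing about the key pair itself is weak. A perfectly good DSA key signed with a perfectly normal signature is lost the moment the nonce is predictable, which is the point Thijs makes for DSA and why the same reasoning does not transfer to RSA, whose PKCS#1 v1.5 signing uses no per-signature random value.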
- Follow-Ups:
- Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
- From: Mike Bird
- Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
- From: Martin Uecker
- Re: ssl security desaster (was: Re: SSH keys: DSA vs RSA)
- References:
- ssl security desaster (was: Re: SSH keys: DSA vs RSA)
- From: Martin Uecker
- ssl security desaster (was: Re: SSH keys: DSA vs RSA)