Daniel de Kok wrote:

"Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation."

Take care,
Daniel

SANS have more on this today and will likely continue to update the story as new developments emerge:

http://isc.sans.org/

To summarise, scripts that allow brute-forcing of keys are already in the wild - expect to see an upturn in activity on port 22 as a result. Further, for SSL secured websites, if the public key is known, no brute-forcing is even necessary.

Ned
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
