Steve Greenland <[EMAIL PROTECTED]> writes: > "brian m. carlson" <[EMAIL PROTECTED]> wrote:
>> Therefore, anyone who had a DSA key has had it compromised... > Shouldn't that be "anyone who had a DSA key *created by the flawed > version of openssl* has had it compromised..."? Or are you asserting > something stronger? He's asserting something stronger. As I understand it, if you use a perfectly valid and strong DSA key with a weak nonce (such as from a broken random number generator), you just revealed your DSA key to someone who knows what to look for and can brute-force or otherwise determine the nonce. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
