On Wed, May 28, 2008 at 12:00:47AM +0100, Colin Watson wrote:
> On Tue, May 27, 2008 at 05:49:59PM +0200, Patrik Fimml wrote:
> > No, actually, /all/ keys I generated were allegedly weak -- this means,
> > after executing ssh-keygen and dowkd.pl five times, I stuck to the key.
>
> This rings all my alarm bells. In similar cases I've had reported to me,
> it always turned out that e.g. somebody had upgraded openssl but not
> libssl0.9.8, or something similar.

Eek, that may indeed have been possible. :-(

> > (ssh-vulnkey thinks it is fine though.)
>
> While I'm very confident in ssh-vulnkey's accuracy, note that
> ssh-vulnkey has two different states you might interpret as "fine": "Not
> blacklisted" (i.e. definitely fine) and "Unknown (no blacklist
> information)" (i.e. no blacklist file installed for this key type and
> size). In the most recent upload to unstable, I clarified the second
> state to "Unknown (blacklist file not installed)" and added more
> detailed documentation in the manual page.

No, my current key is really fine. It seems that I really only upgraded
openssl when trying dowkd.pl, and then upgraded everything before trying
again. :-/

Sorry for the confusion.

Patrik

PS: second eek - originally not sent to list accidentally.