On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
A decent analysis can be found here... just to understand what a
comment /* */ can do :)
http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html
Are you sure that's a decent analysis? If you have a non-Debian system
with the full number of keys available, what are the chances that
you've landed on one of the 32767 keys? Not very likely. So that
analysis seems alarmist and sensational to me.
and it only applies if you're using keys _without_passphrase_. on your
root account.
do people actually allow remote root access? for more than 5 minutes
after install?