Hello,

Due to the recent vulnerability in Debian related to SSL, I am regenerating some SSL certificates used in my organization. My certificates are issued with the following command, which prompts for a password:

    openssl req -new -x509 -keyout ca_key.pem -out ca_cert.pem -days 3650

I am wondering if it is safe to reuse the same password to protect the private keys associated with the certificates generated. My understanding is that there should be no problem, since a different salt is used every time in private key PEM files and the hash/encryption algorithm used is not vulnerable to known-plaintext attacks. Is my assessment of the situation correct?

Thanks a lot,
Laurent Birtz
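
The following is an added example, not part of the original message: it shows how the per-file salt mentioned above enters the key derivation, assuming the key file is in OpenSSL's traditional encrypted PEM format (the one with `Proc-Type` and `DEK-Info` headers). The sample headers are constructed, and the function names `parse_dek_info`, `derive_key` and `compare` are hypothetical.

```python
import hashlib
import re

# Constructed header lines of two traditional-format encrypted PEM keys
# (sample IV values, not taken from real key files).
PEM_A = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n"
PEM_B = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,FEDCBA9876543210\n"

KEY_LEN = {"DES-EDE3-CBC": 24, "AES-128-CBC": 16, "AES-256-CBC": 32}


def parse_dek_info(pem_text):
    """Return (cipher_name, iv_bytes) from the DEK-Info header."""
    m = re.search(r"^DEK-Info:\s*([A-Za-z0-9-]+),([0-9A-Fa-f]+)\s*$",
                  pem_text, re.MULTILINE)
    if m is None:
        raise ValueError("no DEK-Info header (unencrypted or PKCS#8 key)")
    return m.group(1).upper(), bytes.fromhex(m.group(2))


def derive_key(passphrase, pem_text):
    """EVP_BytesToKey with MD5, one iteration; salt = first 8 IV bytes."""
    cipher, iv = parse_dek_info(pem_text)
    if cipher not in KEY_LEN:
        raise ValueError("cipher not covered by this example: " + cipher)
    salt, key, block = iv[:8], b"", b""
    while len(key) < KEY_LEN[cipher]:
        block = hashlib.md5(block + passphrase + salt).digest()
        key += block
    return key[:KEY_LEN[cipher]]


def compare(passphrase, pem_a, pem_b):
    """Report whether two files share a salt and whether their keys match."""
    salt_a, salt_b = parse_dek_info(pem_a)[1][:8], parse_dek_info(pem_b)[1][:8]
    return {
        "salt_reused": salt_a == salt_b,
        "same_key": derive_key(passphrase, pem_a) == derive_key(passphrase, pem_b),
    }


if __name__ == "__main__":
    print(compare(b"example passphrase", PEM_A, PEM_B))
    print(compare(b"example passphrase", PEM_A, PEM_A))
```

The salt makes the derived key differ per file under one passphrase; the derivation itself is a single MD5 pass, so the strength of the passphrase still determines how well each file is protected.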