On Fri, May 16, 2008 at 05:26:09PM +0200, nicolas vigier wrote:
If I understand correctly, it means that if you use a good key with a
flawed openssl to connect to another host using that key, then that
key can be considered compromised.
If I have a DSA key, and the client (my machine) has a ba
On Fri, May 16, 2008 at 11:26 AM, nicolas vigier <[EMAIL PROTECTED]> wrote:
> On Thu, 15 May 2008, Steinar H. Gunderson wrote:
>> No. Any key that had a single DSA signature created by the flawed version of
>> OpenSSL should be considered compromised. DSA requires a secret, random
>> number as part
On Thu, 15 May 2008, Steinar H. Gunderson wrote:
> On Wed, May 14, 2008 at 06:22:37PM -0500, Steve Greenland wrote:
> >> Therefore, anyone who had a DSA key has had it compromised...
> > Shouldn't that be "anyone who had a DSA key *created by the flawed
> > version of openssl* has had it compromis
On Thu, May 15, 2008 at 02:00:25AM +0200, Steinar H. Gunderson wrote:
On Wed, May 14, 2008 at 11:12:26PM +, brian m. carlson wrote:
If one can solve the Discrete Logarithm Problem, then one can
factor, but the reverse is not true.
This is the first time I've ever heard anyone claim this; I
On Wed, May 14, 2008 at 11:12:26PM +, brian m. carlson wrote:
> If one can solve the Discrete Logarithm Problem, then one can
> factor, but the reverse is not true.
This is the first time I've ever heard anyone claim this; I've seen people
and textbooks claim they're roughly equivalent, but no
On Wed, May 14, 2008 at 06:22:37PM -0500, Steve Greenland wrote:
>> Therefore, anyone who had a DSA key has had it compromised...
> Shouldn't that be "anyone who had a DSA key *created by the flawed
> version of openssl* has had it compromised..."? Or are you asserting
> something stronger?
No. An
On 14-May-08, 18:12 (CDT), "brian m. carlson" <[EMAIL PROTECTED]> wrote:
> Therefore, anyone who had a DSA key has had it compromised...
Shouldn't that be "anyone who had a DSA key *created by the flawed
version of openssl* has had it compromised..."? Or are you asserting
something stronger?
Ste
On Wed, May 14, 2008 at 11:12:26PM +, brian m. carlson wrote:
Also, DSA absolutely requires a good random
number generator for every signature. If the nonce is not chosen
randomly, it will leak bits of the key. This is true for all discrete
logarithm algorithms. Therefore, anyone who had a
On Thu, May 15, 2008 at 08:09:12AM +1000, Ben Finney wrote:
Roland Mas <[EMAIL PROTECTED]> writes:
- Keys submitted through the web interface are now filtered, and only
RSA keys end up in your authorized_keys file. Don't even try
putting DSA keys in your authorized_keys2 file, the use of t
On Thu, May 15, 2008 at 08:09:12AM +1000, Ben Finney wrote:
> Could you explain the rationale for this? My impression was that DSA
> was recommended over RSA.
DSA was recommended over RSA in years gone by for reasons of
freedom, until late 2000 when MIT's 17-year US patent (4405829)
expired on the
Roland Mas <[EMAIL PROTECTED]> writes:
> - Keys submitted through the web interface are now filtered, and only
> RSA keys end up in your authorized_keys file. Don't even try
> putting DSA keys in your authorized_keys2 file, the use of that file
> has been disabled (and it'll be deleted anyw
11 matches