Subject: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.
Group: Debian-security
From: Kurt Roeckx
Date: 14 May 2008

There seems to be some confusion going around about the effect of the
openssl issue on DSA keys.

From what I understand, when using a DSA key and the random number used
to generate a signature is known, predictable, or used twice, the private
key can be calculated.

So it seems to me that if a DSA key was ever used on a system which had
that openssl version and openssl was used to generate that random
number, you have to revoke that DSA key. Even if that DSA key was
generated with a good version of openssl.

So my question is, does either the ssh client or server use openssl to
generate the random number used to sign?

Kurt
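
The algebra behind the statement in the message above, as an added example that is not part of the original post: with a toy DSA group, a known or repeated per-signature random number determines the private key, which is why such a key has to be revoked even if it was generated on a good system. The parameters P, Q, G, the key, hash and nonce values, and all function names are constructed for illustration.

```python
from collections import Counter

# Toy DSA group, constructed for illustration and far too small for real use.
P, Q = 283, 47                 # primes, Q divides P - 1
G = pow(2, (P - 1) // Q, P)    # element of order Q

def sign(x, h, k):
    """DSA signature (r, s) over hash value h, private key x, per-signature number k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s

def key_from_known_k(h, sig, k):
    """s = k^-1 (h + x r) mod Q rearranges to x = (s k - h) r^-1 mod Q."""
    r, s = sig
    return (s * k - h) * pow(r, -1, Q) % Q

def key_from_repeated_k(h1, sig1, h2, sig2):
    """Equal r in two signatures by one key indicates a repeated k:
    k = (h1 - h2)(s1 - s2)^-1 mod Q, then solve for x as above."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        return None            # no shared k visible in this pair
    k = (h1 - h2) * pow((s1 - s2) % Q, -1, Q) % Q
    return key_from_known_k(h1, sig1, k)

def repeated_r(sigs):
    """Audit check over one key's signatures: r values seen more than once."""
    counts = Counter(r for r, _ in sigs)
    return sorted(r for r, n in counts.items() if n > 1)

if __name__ == "__main__":
    x = 29                                     # constructed private key
    a, b = sign(x, 10, 13), sign(x, 33, 13)    # same k used twice
    c = sign(x, 33, 20)                        # a different k
    print(key_from_known_k(10, a, 13), key_from_repeated_k(10, a, 33, b))
    print(key_from_repeated_k(10, a, 33, c), repeated_r([a, b, c]))
```

The `pow(k, -1, Q)` modular inverse needs Python 3.8 or later.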