reset ssh keys, even if only a public key in fedora?
Andrew Haley
aph at redhat.com
Tue Aug 19 16:16:22 UTC 2008
Ralf Ertzinger wrote:
> On Tue, 19 Aug 2008 11:32:14 -0400, Simo Sorce wrote:
>
>> DSA keys can be compromised if the server you connect to is
>> compromised. See discussions about the recent openssl debacle for
>> debian.
>
> Which kind of invalidates the whole "public key" concept, doesn't it?
>
> Not wanting to start a new discussion about this, but the fact that
> (some) debian-created keys were weak (and thus crackable) wasn't the
> servers fault, but the fault of the client that generated the key in
> the first place (unless I'm getting something seriously wrong).
It's worse than that: the security of ElGamal encryption depends on
a strong random number to be generated for every message, not just when
the public key is first generated.
Andrew.
More information about the fedora-devel-list
mailing list