[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: reset ssh keys, even if only a public key in fedora?

From: Andrew Haley <aph redhat com>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Subject: Re: reset ssh keys, even if only a public key in fedora?
Date: Tue, 19 Aug 2008 17:16:22 +0100

Ralf Ertzinger wrote:

> On Tue, 19 Aug 2008 11:32:14 -0400, Simo Sorce wrote:
> 
>> DSA keys can be compromised if the server you connect to is
>> compromised. See discussions about the recent openssl debacle for
>> debian.
> 
> Which kind of invalidates the whole "public key" concept, doesn't it?
> 
> Not wanting to start a new discussion about this, but the fact that
> (some) debian-created keys were weak (and thus crackable) wasn't the
> servers fault, but the fault of the client that generated the key in
> the first place (unless I'm getting something seriously wrong).

It's worse than that: the security of ElGamal encryption depends on
a strong random number to be generated for every message, not just when
the public key is first generated.

Andrew.

References:
- reset ssh keys, even if only a public key in fedora?
  - From: Patrice Dumas
- Re: reset ssh keys, even if only a public key in fedora?
  - From: Simo Sorce
- Re: reset ssh keys, even if only a public key in fedora?
  - From: Ralf Ertzinger

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]