[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: reset ssh keys, even if only a public key in fedora?



> On Tue, 2008-08-19 at 16:04 +0200, Patrice Dumas wrote:
>> Hello,
>>
>> I just received the reset password mail, and it asks me to reset my ssh
>> key by doing ssh-keygen. However, if I recall well I only uploaded my
>> public key to the fedora server. Why would I want to reset my key pair?
>>
>> Maybe I am not one of the users who should reset their key, but I am
>> almost sure that I sent the public key to the fedora server, and it
>> seems to me that it is used for cvs access. So it is unclear if
>> I 'do not use a SSH key in the Fedora Account System'.
>>
>> Am I missing something? Can anybody clarify?
>
> DSA keys can be compromised if the server you connect to is compromised.
> See discussions about the recent openssl debacle for debian.
>
> If your key is an RSA one, to date it seem you shouldn't have problems
> even if a peer server is compromised as long as your private key was not
> directly exposed.
>
> a BIG AFAIK.

My understanding is that RSA is "secure enough*" if your key is 2048 bit
or higher, which incidentally is what the Inf team specified.  Not sure
about DSA/DSS in terms of the compromise of issue you specify.  IIRC, the
Debian issue was about the random seed no longer being random due to a
packaging error.

*i.e. unless No Such Agency really, really wants your bits

> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> --
> fedora-devel-list mailing list
> fedora-devel-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>


-- 
novus ordo absurdum


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]