[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: reset ssh keys, even if only a public key in fedora?

On Tue, 2008-08-19 at 11:32 -0400, Simo Sorce wrote:
> On Tue, 2008-08-19 at 16:04 +0200, Patrice Dumas wrote:
> > Hello,
> > 
> > I just received the reset password mail, and it asks me to reset my ssh 
> > key by doing ssh-keygen. However, if I recall well I only uploaded my 
> > public key to the fedora server. Why would I want to reset my key pair?
> > 
> > Maybe I am not one of the users who should reset their key, but I am
> > almost sure that I sent the public key to the fedora server, and it
> > seems to me that it is used for cvs access. So it is unclear if
> > I 'do not use a SSH key in the Fedora Account System'.
> > 
> > Am I missing something? Can anybody clarify?
> DSA keys can be compromised if the server you connect to is compromised.
> See discussions about the recent openssl debacle for debian.

This is wrong. Your DSA private key is compromised if you used it for
signing on a client with broken RNG. The server just verifies a
signature so it cannot compromise the private key this way.

> If your key is an RSA one, to date it seem you shouldn't have problems
> even if a peer server is compromised as long as your private key was not
> directly exposed.

Yes, secrecy of the private key in RSA signature generation doesn't
depend on good RNG. (It of course depends on other things but good RNG
is not required.)

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]