[CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs
Daniel de Kok
me at danieldk.orgThu May 15 12:19:22 UTC 2008
- Previous message: [CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs
- Next message: [CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, May 15, 2008 at 12:20 AM, Clint Dilks <clintd at scms.waikato.ac.nz> wrote: > I know this may seem off topic, but I thought for those of us who might have > Debian users generating key pairs that they put on CentOS systems people > should be aware that > > everybody who generated a public/private keypair or an SSL > cert request on Debian or Ubuntu from 2006 on is vulnerable Yes, it is very important to follow up on this issue as soon as you can (now) to see if any of your keys or those of your users are affected. Additionally, it should be noted that in the case of *DSA* keys, this can even affect users who do have good keys but used them to communicate with a Debian server with the botched OpenSSL. An explanation of this problem is provided here: http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html Take care, Daniel
- Previous message: [CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs
- Next message: [CentOS] OpenSSL/SSH Bug on Debian - Compromised key pairs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list