On Thu, May 15, 2008 at 2:19 PM, Daniel de Kok <me@danieldk.org> wrote:
> Yes, it is very important to follow up on this issue as soon as you can (now) to see if any of your keys or those of your users are affected. Additionally, it should be noted that in the case of *DSA* keys, this can even affect users who do have good keys but used them to communicate with a Debian server with the botched OpenSSL.
Yikes, rereading this, this does not seem accurate at all. Let me just quote the advisory:
"Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation."
Take care,
Daniel
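Added example, not part of the original message or of the advisory: the algebra behind the advisory's statement that DSA "relies on a secret random value used during signature generation". The toy parameters, key, nonce and message below are all constructed for illustration; the point is that a well generated private key falls out of a single signature once the per-signature value `k` is known, which is why such keys have to be replaced.

```python
# Added illustration with toy DSA parameters (constructed, far too small for real use).
import hashlib

P, Q, G = 607, 101, 64  # Q divides P-1; G = 2**6 mod P has order Q


def digest(msg):
    """Message hash reduced into the signing group."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(x, k, msg):
    """Textbook DSA signature with private key x and per-signature secret k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s


def key_from_known_nonce(r, s, k, msg):
    """s = k^-1 (h + x*r) mod Q, so x = (s*k - h) * r^-1 mod Q once k is known."""
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q


def demo():
    x = 57  # private key, generated properly elsewhere (constructed value)
    k = 7   # per-signature secret that a weak RNG made guessable (constructed)
    msg = b"authentication exchange (constructed)"
    r, s = sign(x, k, msg)
    return x, key_from_known_nonce(r, s, k, msg)


if __name__ == "__main__":
    original, recovered = demo()
    print("private key:", original, "recovered from one signature:", recovered)
```

The quality of the key `x` never enters the recovery step; only the secrecy of `k` does.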