Daniel de Kok wrote:
>
> "Furthermore, all DSA keys ever used on affected Debian systems for
> signing or authentication purposes should be considered compromised;
> the Digital Signature Algorithm relies on a secret random value used
> during signature generation."
>
> Take care,
> Daniel

SANS have more on this today and will likely continue to update the story as new developments emerge:

http://isc.sans.org/

To summarise, scripts that allow brute-forcing of keys are already in the wild - expect to see an upturn in activity on port 22 as a result. Further, for SSL-secured websites, if the public key is known, no brute-forcing is even necessary.

Ned