git.freedesktop.org IP change?
Otto Solares
solca at guug.org
Fri May 16 09:57:41 PDT 2008
On Fri, May 16, 2008 at 09:51:32AM -0700, Donnie Berkholz wrote:
> On 11:41 Fri 16 May , Matthieu Herrb wrote:
> > Matthias Hopf wrote:
> > > On May 16, 08 00:50:51 -0400, Dan Phung wrote:
> > >> There was an ssh vulnerability that forced everbody to regenerate
> > >> their ssh keys...that's probably the reason...
> > >
> > > Everybody running Debian, strictly speaking.
> > > Other distros are not affected IIRC.
> >
> > Other non-debian based distros are not affected, but DSA keys can be,
> > even if they were generated on other systems: if a DSA key was used to
> > authenticate against a vulnerable (thus potentially compromised) server,
> > this key should be considered as compromised too.
>
> Eh? Do you have any links describing how distributing my public key
> could compromise my private key? That doesn't click in my head.
Anyone could guess your private key from a public key (20mins)
generated in a vulnerable system:
http://wiki.debian.org/SSLkeys
-otto
More information about the xorg
mailing list