git.freedesktop.org IP change?
Dan Nicholson
dbn.lists at gmail.com
Fri May 16 10:03:46 PDT 2008
On Fri, May 16, 2008 at 9:57 AM, Otto Solares <solca at guug.org> wrote:
> On Fri, May 16, 2008 at 09:51:32AM -0700, Donnie Berkholz wrote:
>> On 11:41 Fri 16 May , Matthieu Herrb wrote:
>> > Matthias Hopf wrote:
>> > > On May 16, 08 00:50:51 -0400, Dan Phung wrote:
>> > >> There was an ssh vulnerability that forced everbody to regenerate
>> > >> their ssh keys...that's probably the reason...
>> > >
>> > > Everybody running Debian, strictly speaking.
>> > > Other distros are not affected IIRC.
>> >
>> > Other non-debian based distros are not affected, but DSA keys can be,
>> > even if they were generated on other systems: if a DSA key was used to
>> > authenticate against a vulnerable (thus potentially compromised) server,
>> > this key should be considered as compromised too.
>>
>> Eh? Do you have any links describing how distributing my public key
>> could compromise my private key? That doesn't click in my head.
>
> Anyone could guess your private key from a public key (20mins)
> generated in a vulnerable system:
>
> http://wiki.debian.org/SSLkeys
But we're talking about the case where you _didn't_ generate your
private key on a vulnerable system. I was thinking the same thing
Donnie was. I'm not running Debian or any derivatives where I
generated my keys.
--
Dan
More information about the xorg
mailing list