"Steinar H. Gunderson" <[EMAIL PROTECTED]>: > On Thu, May 15, 2008 at 05:11:27AM +0200, Goswin von Brederlow wrote:
>
> > Also if you have 2 messages signed with the same random number you can
> > compute the secret key. It is more complicated than this but
> > simplified boils down to computing k given (k + r) * Message1 ==
> > Signature1 and (k + r) * Message2 == Signature2.
>
> For the details, since everyone doesn't read Planet Debian:
>
>   http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths
>
> /* Steinar */

If I understand this correctly, this means that not only should keys generated with the broken ssl lib be considered compromised, but all keys which were potentially used to create DSA signatures by those broken libs.

In this case, the security advisory should clearly be updated. And all advice about searching for weak keys should be removed as well, because it leads to a false sense of security. In fact, *all* keys used on Debian machines should be considered compromised.

I also wonder, what will the Debian community change in their processes to make such a security disaster less likely in the future?

Martin
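
An added example, not part of the original thread: in DSA the r half of a signature depends only on the per-signature random number, so an archive of signatures can be audited for a key that signed two different messages with the same r, which is the condition the quoted text describes. The toy parameters (P, Q, G), the key and nonce values and the function names are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Toy DSA domain parameters (constructed, far too small for real use):
# Q divides P - 1 and G has order Q modulo P.
P, Q, G = 607, 101, 64

def toy_dsa_sign(x, k, message):
    """Sign message with private key x and per-signature nonce k; returns (r, s)."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % Q
    r = pow(G, k, P) % Q                 # r depends on k only, never on the message
    s = pow(k, -1, Q) * (h + x * r) % Q  # real DSA redraws k if r or s is 0
    return r, s

def keys_with_reused_nonce(records):
    """records: iterable of (public_key, message, r, s).
    Returns the public keys that signed two different messages with the same r."""
    seen = defaultdict(set)              # (public_key, r) -> distinct messages
    for pub, message, r, _s in records:
        seen[(pub, r)].add(message)
    return {pub for (pub, _r), msgs in seen.items() if len(msgs) > 1}

def build_sample_log():
    """Constructed sample: key A signs with a stuck nonce, key B with fresh ones."""
    x_a, x_b = 7, 13
    pub_a, pub_b = pow(G, x_a, P), pow(G, x_b, P)
    log = []
    for msg, k in [(b"upload 1", 2), (b"upload 2", 2)]:   # same k twice
        log.append((pub_a, msg, *toy_dsa_sign(x_a, k, msg)))
    for msg, k in [(b"upload 1", 3), (b"upload 2", 5)]:   # different k each time
        log.append((pub_b, msg, *toy_dsa_sign(x_b, k, msg)))
    return pub_a, pub_b, log

if __name__ == "__main__":
    pub_a, pub_b, log = build_sample_log()
    for pub in sorted(keys_with_reused_nonce(log)):
        print(f"public key {pub}: repeated r across different messages, treat as compromised")
```

A clean result from this audit only shows that no nonce was repeated in the signatures examined; it says nothing about whether the nonces were predictable.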