On Fri, May 16, 2008 at 11:26 AM, nicolas vigier <[EMAIL PROTECTED]> wrote:
> On Thu, 15 May 2008, Steinar H. Gunderson wrote:
>> No. Any key which had a single DSA signature created by the flawed version of
>> OpenSSL should be considered compromised. DSA requires a secret, random
>> number as part of the signature process; if someone figures it out, or you
>> use the same number twice, the entire secret key falls.
>
> If I understand correctly, it means that if you use a good key with a
> flawed openssl to connect to another host using that key, then that
> key can be considered compromised.
>
> But what about using a good key on a host with a good openssl, to
> connect to a server which uses a bad openssl?
The former fails because DSA needs a random number to generate its signature (as Steinar describes). This signature is obviously generated with the local openssl. Connecting to a remote host with a bad openssl doesn't matter, as the random number is generated with your local good openssl.
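The nonce-reuse failure Steinar describes, worked through as an added example that is not code from this thread or from OpenSSL: a toy DSA with parameters generated on the fly, two signatures made with the same per-signature secret k, and recovery of both k and the private key x from nothing but the two signatures and the two message hashes. All names, the parameter sizes (160-bit q, roughly 512-bit p), the messages and the RNG seed are assumptions for illustration, and reducing the SHA-1 digest mod q is a simplification of the standard's bit truncation.

```python
"""Toy DSA: the same nonce k in two signatures gives away the private key.

Added example, not code from the debian-security thread or from OpenSSL.
Parameter sizes, messages and seed are illustrative assumptions.
"""
import hashlib
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with a small-prime pre-filter (assumption: toy quality)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(rng, q_bits=160, p_bits=512):
    """DSA-style (p, q, g): q prime, q | p-1, g of order q mod p."""
    while True:
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q, rng):
            break
    while True:
        m = rng.getrandbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))
        m &= ~1                      # even m keeps p = q*m + 1 odd
        p = q * m + 1
        if is_probable_prime(p, rng):
            break
    while True:
        h = rng.randrange(2, p - 1)
        g = pow(h, (p - 1) // q, p)  # projects h into the order-q subgroup
        if g != 1:
            break
    return p, q, g


def hash_int(msg, q):
    # Simplification: full SHA-1 digest reduced mod q (FIPS truncates bits).
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % q


def sign(params, x, msg, k):
    """Standard DSA signing; k is the per-signature secret that must be fresh."""
    p, q, g = params
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (hash_int(msg, q) + x * r) % q
    assert r != 0 and s != 0, "degenerate signature, pick another k"
    return r, s


def verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = hash_int(msg, q) * w % q
    u2 = r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def recover_private_key(q, h1, sig1, h2, sig2):
    """Given two signatures sharing k (visible as equal r), return (k, x).

    s1 - s2 = k^-1 (h1 - h2)  mod q   =>  k = (h1 - h2) / (s1 - s2)
    s1 = k^-1 (h1 + x r)      mod q   =>  x = (s1 k - h1) / r
    """
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("r values differ: nonces differ, nothing to recover")
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q
    x = (s1 * k - h1) * pow(r1, -1, q) % q
    return k, x


def demo(seed=2008):
    """Sign two constructed messages with one k and recover the key."""
    rng = random.Random(seed)
    params = generate_params(rng)
    p, q, g = params
    x = rng.randrange(1, q)          # the real private key
    y = pow(g, x, p)
    k = rng.randrange(1, q)          # the "random" number a flawed PRNG repeats
    m1 = b"ssh-userauth request for host alpha"   # constructed sample messages
    m2 = b"ssh-userauth request for host beta"
    sig1 = sign(params, x, m1, k)
    sig2 = sign(params, x, m2, k)
    assert verify(params, y, m1, sig1) and verify(params, y, m2, sig2)
    k_rec, x_rec = recover_private_key(q, hash_int(m1, q), sig1,
                                       hash_int(m2, q), sig2)
    return k_rec == k and x_rec == x


if __name__ == "__main__":
    print("private key recovered:", demo())
```

Everything that matters here, the choice of k and the computation of r and s, happens on the signing side; the verifier only ever sees (r, s). That is the point of the reply above: a signer running a good openssl is unaffected by the peer's flawed one, while a signer running the flawed openssl hands out signatures whose k is either guessable outright or, as the example shows, repeated across signatures, and one equal r between two signatures is enough to compute x.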