There seems to be some confusion going around about the effect of the openssl issue on dsa keys.
>From what I understand, when using a DSA key and the random number used to generate a signature is known, predictable, or used twice the private key can be calculated. So it seem to me that if a DSA key was ever used on a system which had that openssl version and openssl was used to generate that random number, you have to revoke that DSA key. Even if that DSA key was generated with a good version of openssl. So my question is, does either the ssh client or server use openssl to generate the random number used to sign? Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
