On Wed, May 14, 2008 at 01:10:20AM -0400, Joey Hess wrote:
> openssh-server checks for weak keys and offers to replace them. But what
> if you have a strong DSA host key, and have been using the broken libssl
> for years? My understanding (from irc, possibly very flawed) is that
> this effectively exposed the DSA host key to brute-forcing. So that key
> should also probably be replaced. Having ssh handle one case but not the
> other on upgrade could lead to a false sense of security..

This is technically true. However I believe that the DSA host key is only
actually used if the RSA host key is missing (or the client doesn't want
it for some reason), so I think it's academic and am not worrying about
it too much right now. At some point I think it makes sense to stop
generating a DSA host key by default; I doubt anyone would notice the
difference.

The above premise could use some verification, though; it's not obvious
from debug output and I haven't had time to check the source or the
protocol RFCs.

-- 
Colin Watson [EMAIL PROTECTED]

