On 20.05.2008 13:31, Holger Levsen wrote: > Hi, > > On Tuesday 20 May 2008 04:08, Bernie Innocenti wrote: > >> Hopefully this doesn't mean that the _private_ DSA key can be >> compromised if the _public_ key was copied on a Debian/Ubuntu machine. >> > > Not by copying to, but by using with, yes, unfortunatly. >
Sorry, "using with" is very imprecise language and leads many people to the wrong conclusion. > Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html - in > short, if the randomness is not really random, DSA can be attacked rather > easily. That's why debian.org and freedesktop.org don't allow DSA keys at all > anymore. > Everybody points to the blog entry, but nobody seems to read it. The entry states that if you used the private DSA key on a Debian/Ubuntu machine for login to another machine, it might be compromised. Logging in to a Debian/Ubuntu machine does no harm. Short version: The combination of bad random numbers and a private DSA key on the same machine is harmful. Regards, Carl-Daniel _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
