On Apr 10, 2014, at 10:39 AM, Matthijs Kooijman <[email protected]> wrote:
> Hey John, > >> I’ll add that if you’ve used a github ssh key anywhere else you should >> replace it there as well — and use a different key this time. > Huh? github only has your public SSH key, so there should not be any > reason to replace it AFAICS? At most double-check if they still have the > correct key listed, under the assumption that attackers might somehow > managed to get write access to github's data (for which there is no > indication, though). > > Or am I misunderstanding something here? > Valid points. You should ask Github, I’m only reporting. I’m in no way a crypto expert. I can speculate that Heartbleed might reveal enough information to crack the private key, maybe by making available both plain and encrypted versions of the exchange. I added what I did because if the key is compromised on Github it’s compromised everywhere else you use it. Regards, John Ralls _______________________________________________ gnucash-devel mailing list [email protected] https://lists.gnucash.org/mailman/listinfo/gnucash-devel
