Zack Weinberg wrote: > It occurred to me that monotone does have the ability to load signing > keys into ssh-agent, which might have meant they got used with the bad > random number generator; but monotone only uses RSA keys, so as I > understand it that's not a problem. > What matters is how the key is initially generated. So monotone should be OK, even with ssh-agent. However both RSA and DSA keys (ssh, x509, etc) are affected by the above security flaw when the key was generated by the bad library.
Brian May _______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
