On Tue, 2008-05-13 at 10:14 -0600, Jordan Curzon wrote:
> This came across my radar this morning:
>
> ".....It is strongly recommended that all cryptographic key material which has
> been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
> systems is recreated from scratch. Furthermore, all DSA keys ever used
> on affected Debian systems for signing or authentication purposes should
> be considered compromised; the Digital Signature Algorithm relies on a
> secret random value used during signature generation.
>
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
> distribution on 2006-09-17, and has since propagated to the testing and
> current stable (etch) distributions. The old stable distribution
> (sarge) is not affected....."
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html

It looks like there is a script that you can download off that announcement to see if you have weak keys. I did a quick search on my users and hosts and it seems like I did have a few weak keys.

Nathan
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
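The kind of check discussed in this thread, as an added example that is not the script linked from the announcement and not part of the original messages: it fingerprints each key in an authorized_keys-style file and compares it with a list of known-weak fingerprints. The function names, the sample keys and the blocklist are all constructed for illustration; DSA keys that are not on the list are still flagged for review, following the quoted advisory.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # OpenSSH key types in use in 2008

def fingerprint(line):
    """Return (key_type, md5_hex_of_key_blob) for one key line, else None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # skip leading options such as no-pty
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            return None
        # The blob begins with a length-prefixed copy of the key type.
        if len(blob) < 4:
            return None
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] != field.encode():
            return None
        return field, hashlib.md5(blob).hexdigest()
    return None

def scan(lines, blocklist):
    """Return (line number, status) for every non-comment line."""
    results = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = fingerprint(line)
        if parsed is None:
            status = "unparsed"
        elif parsed[1] in blocklist:
            status = "weak"        # fingerprint is on the known-weak list
        elif parsed[0] == "ssh-dss":
            status = "dsa-review"  # advisory: DSA keys used on affected hosts
        else:
            status = "ok"
        results.append((lineno, status))
    return results

def sample_line(kind, filler, prefix=""):
    # Constructed stand-in for a public key line; not a real key.
    blob = struct.pack(">I", len(kind)) + kind.encode() + filler
    return f"{prefix}{kind} {base64.b64encode(blob).decode()} user@example"

SAMPLE = ["# constructed authorized_keys content",
          sample_line("ssh-rsa", b"\x01" * 32),
          sample_line("ssh-rsa", b"\x02" * 32, prefix="no-pty "),
          sample_line("ssh-dss", b"\x03" * 32),
          "ssh-rsa not-base64!! broken@example"]
# Constructed blocklist: treat the second key as a listed weak key.
BLOCKLIST = {fingerprint(SAMPLE[2])[1]}

if __name__ == "__main__":
    for lineno, status in scan(SAMPLE, BLOCKLIST):
        print(lineno, status)
```

A line reported as "unparsed" needs a manual look rather than being treated as clean.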
