On Thu, May 15, 2008 at 12:20 AM, Clint Dilks [EMAIL PROTECTED] wrote:
I know this may seem off topic, but I thought for those of us who might have
Debian users generating key pairs that they put on CentOS systems people
should be aware that
everybody who generated a public/private keypair or
On Thu, May 15, 2008 at 2:19 PM, Daniel de Kok [EMAIL PROTECTED] wrote:
Yes, it is very important to follow up on this issue as soon as you
can (now) to see if any of your keys or those of your users are
affected. Additionally, it should be noted that in the case of *DSA*
keys, this can even
Daniel de Kok wrote:
Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered compromised;
the Digital Signature Algorithm relies on a secret random value used
during signature generation.
Take care,
Daniel
SANS have more on
On Thu, May 15, 2008 at 5:27 AM, Daniel de Kok [EMAIL PROTECTED] wrote:
Jikes, rereading this, this does not seem accurate at all. Let me just
quote the advisory:
Furthermore, all DSA keys ever used on affected Debian systems for
signing or authentication purposes should be considered
Hi People,
I know this may seem off topic, but I thought for those of us who might
have Debian users generating key pairs that they put on CentOS systems
people should be aware that
everybody who generated a public/private keypair or an SSL
cert request on Debian or Ubuntu from 2006 on is
Clint Dilks wrote:
Hi People,
I know this may seem off topic, but I thought for those of us who might
have Debian users generating key pairs that they put on CentOS systems
people should be aware that
everybody who generated a public/private keypair or an SSL
cert request on Debian or
6 matches
Mail list logo
