On Thu, May 15, 2008 at 10:37:37AM +1000, Andrew McGlashan wrote:
> Okay, if we updated (on stable):
> openssl_0.9.8c-4etch3_i386.deb
> libssl0.9.8_0.9.8c-4etch3_i386.deb
> Then re-generated all keys and certificates.
Then you are fine.
> Later we get these updates:
> openssh-server_1%3a4.3p2
Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]> wrote:
> ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally
^
openssl's, of course.
regards
Mario
--
The social dynamics of the net are a direct consequence of the fact that
nobody has yet d
Hi,
Mario 'BitKoenig' Holbe wrote:
Kurt Roeckx <[EMAIL PROTECTED]> wrote:
So my question is, does either the ssh client or server use openssl
to generate the random number used to sign?
Yes, they both do.
ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally
goes down to ssleay
Kurt Roeckx <[EMAIL PROTECTED]> wrote:
> So my question is, does either the ssh client or server use openssl to
> generate the random number used to sign?
Yes, they both do.
ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally
goes down to ssleay_rand_add() (via dsa_sign_setup()->B
There seems to be some confusion going around about the effect of the
openssl issue on dsa keys.
>From what I understand, when using a DSA key and the random number used
to generate a signature is known, predictable, or used twice the private
key can be calculated.
So it seem to me that if a DSA
5 matches
Mail list logo
