On Thu, 2008-05-15 at 14:29 -0700, Jeffrey Nonken wrote: > http://www.linux.com/feature/135270
This paragraph is probably wrong: > Debian and derivative distribution users can use the apt-get upgrade > command to replace vulnerable keys on their systems, and Ubuntu users > applying the security patches which appeared yesterday will have their > weak keys replaced automatically, but as Moore points out, that > doesn't solve the problems caused by weak keys being used to sign > certificates or copied to other servers. More detailed information is available at http://wiki.debian.org/SSLkeys Note that the vulnerability meant that only 2^15 different keys of each size were being generated. This is an incredibly small number, and I'm sure many hackers have dictionaries of the entire key set now to break in to systems with affected authorized_keys files. _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
