SSH DSA logins on crank.

Bernie Innocenti bernie at codewiz.org
Mon May 19 22:08:06 EDT 2008


Chris Ball wrote:
> I've disabled logins with DSA keys on dev.laptop.org.  Turns out that
> while your RSA key is only vulnerable if *created* on a weak Debian or
> Ubuntu machine, your DSA key is vulnerable if *used* on Debian/UbuntuĀ¹,
> due to DSA having a greater reliance on randomness.

Hopefully this doesn't mean that the _private_ DSA key can be
compromised if the _public_ key was copied on a Debian/Ubuntu machine.
If something like this was even possible, as it would make the whole
asymmetrical key scheme rather useless :-)

Copying a private key on multiple machines always has been very
poor security practice anyway.

-- 
   \___/
  _| X |  Bernie Innocenti - http://www.codewiz.org/
  \|_O_|  "It's an education project, not a laptop project!"




More information about the Devel mailing list