SSH DSA logins on crank.
david at lang.hm
david at lang.hm
Mon May 19 22:19:58 EDT 2008
On Tue, 20 May 2008, Bernie Innocenti wrote:
> Chris Ball wrote:
>> I've disabled logins with DSA keys on dev.laptop.org. Turns out that
>> while your RSA key is only vulnerable if *created* on a weak Debian or
>> Ubuntu machine, your DSA key is vulnerable if *used* on Debian/UbuntuĀ¹,
>> due to DSA having a greater reliance on randomness.
>
> Hopefully this doesn't mean that the _private_ DSA key can be
> compromised if the _public_ key was copied on a Debian/Ubuntu machine.
> If something like this was even possible, as it would make the whole
> asymmetrical key scheme rather useless :-)
the argument is that the PRNG used by buggy versions is predictable and so
someone could observe the communication and brute-force attack the
handshake, deciphering the key in the process.
David Lang
More information about the Devel
mailing list