SSH DSA logins on crank.
c-d.hailfinger.devel.2006 at gmx.net
Tue May 20 08:13:51 EDT 2008
On 20.05.2008 13:31, Holger Levsen wrote:
> On Tuesday 20 May 2008 04:08, Bernie Innocenti wrote:
>> Hopefully this doesn't mean that the _private_ DSA key can be
>> compromised if the _public_ key was copied on a Debian/Ubuntu machine.
> Not by copying to, but by using with, yes, unfortunatly.
Sorry, "using with" is very imprecise language and leads many people to
the wrong conclusion.
> Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html - in
> short, if the randomness is not really random, DSA can be attacked rather
> easily. That's why debian.org and freedesktop.org don't allow DSA keys at all
Everybody points to the blog entry, but nobody seems to read it. The
entry states that if you used the private DSA key on a Debian/Ubuntu
machine for login to another machine, it might be compromised. Logging
in to a Debian/Ubuntu machine does no harm. Short version: The
combination of bad random numbers and a private DSA key on the same
machine is harmful.
More information about the Devel