SSH DSA logins on crank.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Tue May 20 08:13:51 EDT 2008


On 20.05.2008 13:31, Holger Levsen wrote:
> Hi,
>
> On Tuesday 20 May 2008 04:08, Bernie Innocenti wrote:
>   
>> Hopefully this doesn't mean that the _private_ DSA key can be
>> compromised if the _public_ key was copied on a Debian/Ubuntu machine.
>>     
>
> Not by copying to, but by using with, yes, unfortunatly.
>   

Sorry, "using with" is very imprecise language and leads many people to
the wrong conclusion.

> Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html - in 
> short, if the randomness is not really random, DSA can be attacked rather 
> easily. That's why debian.org and freedesktop.org don't allow DSA keys at all 
> anymore. 
>   

Everybody points to the blog entry, but nobody seems to read it. The
entry states that if you used the private DSA key on a Debian/Ubuntu
machine for login to another machine, it might be compromised. Logging
in to a Debian/Ubuntu machine does no harm. Short version: The
combination of bad random numbers and a private DSA key on the same
machine is harmful.


Regards,
Carl-Daniel



More information about the Devel mailing list