SSH DSA logins on crank.
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Tue May 20 08:13:51 EDT 2008
On 20.05.2008 13:31, Holger Levsen wrote:
> Hi,
>
> On Tuesday 20 May 2008 04:08, Bernie Innocenti wrote:
>
>> Hopefully this doesn't mean that the _private_ DSA key can be
>> compromised if the _public_ key was copied on a Debian/Ubuntu machine.
>>
>
> Not by copying to, but by using with, yes, unfortunatly.
>
Sorry, "using with" is very imprecise language and leads many people to
the wrong conclusion.
> Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html - in
> short, if the randomness is not really random, DSA can be attacked rather
> easily. That's why debian.org and freedesktop.org don't allow DSA keys at all
> anymore.
>
Everybody points to the blog entry, but nobody seems to read it. The
entry states that if you used the private DSA key on a Debian/Ubuntu
machine for login to another machine, it might be compromised. Logging
in to a Debian/Ubuntu machine does no harm. Short version: The
combination of bad random numbers and a private DSA key on the same
machine is harmful.
Regards,
Carl-Daniel
More information about the Devel
mailing list