SSH DSA logins on crank.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at
Tue May 20 08:13:51 EDT 2008

On 20.05.2008 13:31, Holger Levsen wrote:
> Hi,
> On Tuesday 20 May 2008 04:08, Bernie Innocenti wrote:
>> Hopefully this doesn't mean that the _private_ DSA key can be
>> compromised if the _public_ key was copied on a Debian/Ubuntu machine.
> Not by copying to, but by using with, yes, unfortunately.

Sorry, "using with" is very imprecise language and leads many people to
the wrong conclusion.

> Read - in 
> short, if the randomness is not really random, DSA can be attacked rather 
> easily. That's why and don't allow DSA keys at all 
> anymore. 

Everybody points to the blog entry, but nobody seems to read it. The
entry states that if you used the private DSA key on a Debian/Ubuntu
machine for login to another machine, it might be compromised. Logging
in to a Debian/Ubuntu machine does no harm. Short version: The
combination of bad random numbers and a private DSA key on the same
machine is harmful.
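
Added example, not part of the original message: a toy DSA in Python showing why the random numbers on the signing (client) side matter while the verifying (server) side uses none. The parameters are constructed and deliberately tiny, and all function names are hypothetical; anyone who learns the per-signature nonce k can solve the signing equation for the private key x.

```python
import hashlib

# Toy DSA domain parameters, constructed for this example and far too small
# for real use: Q is prime, Q divides P - 1, and G has order Q modulo P.
P, Q, G = 607, 101, 64

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q

def sign(x: int, k: int, msg: bytes):
    """Client side: needs private key x and a fresh secret nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another k")
    return r, s

def verify(y: int, msg: bytes, sig) -> bool:
    """Server side: public values only, no random numbers involved."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def key_from_known_nonce(k: int, msg: bytes, sig) -> int:
    """Solve s = k^-1 * (H(m) + x*r) mod Q for x once k is known."""
    r, s = sig
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

def demo(x: int = 57, msg: bytes = b"constructed login challenge"):
    y = pow(G, x, P)                      # public key, safe to copy anywhere
    for k in range(2, Q):                 # stand-in for a predictable RNG
        try:
            sig = sign(x, k, msg)
        except ValueError:
            continue
        # (server accepts the signature, x falls out of the known nonce)
        return verify(y, msg, sig), key_from_known_nonce(k, msg, sig) == x
    raise RuntimeError("no usable nonce")

if __name__ == "__main__":
    print(demo())
```
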

